General
Target: Review bank details.zip
Size: 1.1MB
Sample: 210119-lmla338hbn
MD5: 116f1d2159eeac9ec6ca9f6b9ee0b065
SHA1: f1c9ab489d8d308e42ad4f494f8f934b6d458273
SHA256: 1963c0f5fd308469be5a935b7aa363375da0ca49f7e4007bede6d0cf77a33b78
SHA512: c3f81a46c189cb1a8a162eeb4ea13fe07a0bea06c267d8e9b85afd19d38fb80e824a9279c542ec64cb634d61240d8b7577defb71e6240e076cdc9e9b31172aff
Static task: static1
Behavioral task: behavioral1
Sample: Review bank details.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Review bank details.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cybernetics.co.za
Port: 587
Username: maurice@cybernetics.co.za
Password: P@ssw0rd
Targets
Target: Review bank details.exe
Size: 1.7MB
MD5: 510ef74732e1401f22fccfbcc4f311a4
SHA1: 800c5e610ec96adac22802b1140c6a3bcc761707
SHA256: 086f4dec8923c1d1a084cd47532fb0008bc3b3c928ba1856697679c81d1d4aae
SHA512: 3aa464092030f2638f3824365fb3df7bcf48833072f4bca843fca35fa058fcef2dde5c8cae5229d3bc3eb0479b6b7ab105b6417f89a297c6ef85cca73e659063
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext