General
Target: Bank detail.rar
Size: 73KB
Sample: 210226-r97k2tcqds
MD5: a491710380944f4b9d970169620f8918
SHA1: 53cd525b7330bdf19c4d69515edd3a4ce0300811
SHA256: 8ef10e4d9594d4971844b1712ac80e08e7802a01c3ca14c55d03ef73ec2c5589
SHA512: ed09a7b757e3ec8923ed74958bf0b6ef4ac3e7d321980d7e73c6c7d7de2275e7027050f471e018c87a7d0043d9ea7e2d5f066b3cfb85ec3b3090e41750750144
Static task: static1
Behavioral task: behavioral1
Sample: Bank detail.exe
Resource: win7v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: Smtp.atlassecuritys.com
Port: 587
Username: [email protected]
Password: }I9@Yru*QfuS
Targets
Target: Bank detail.exe
Size: 602KB
MD5: 96b5d1e477ce600443834fe49aeebb0f
SHA1: cb92343d21a4bbc069657364a569d415a3a9f4dc
SHA256: d4856d882862e4701c5e69131b4daf5d6b8e2ea213b5888975557bc41cf2f099
SHA512: 4587c03d67f0f80557179c2c234d274e84d1f3afff628f4656fed07f927ea8746752e3034ad9c06173cd547d96716fe6e8afdea94ad93e7fee631d475edfe090
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Turns off Windows Defender SpyNet reporting
- AgentTesla Payload
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext