General
- Target: BANKINV28032021VBNSINO.exe
- Size: 88KB
- Sample: 210413-raf1sm5dke
- MD5: 151d732b9f85df31c367302c01d95ddd
- SHA1: cc310356dfb1731e0ca612c51c68f3d331e15355
- SHA256: f0d8c6ce081c68659bdc6c686b92fb95b3957a3b2acb1d13d96faf1e22fa597f
- SHA512: dbc39ed87dbdf10435478009afa89efed3f895567b039826de74f6298e92c2ee2786afae11a4afa8255d49bded221b771aa29e37ae2be536da85ec189226b87a
Static task: static1
Behavioral task: behavioral1
- Sample: BANKINV28032021VBNSINO.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: BANKINV28032021VBNSINO.exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: lhj@hyundal-electric.com
- Password: mVxcMPf8ceo212
Targets
- Target: BANKINV28032021VBNSINO.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Guloader Payload
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext