General
Target: incorrect bank accountdetails.exe
Size: 1015KB
Sample: 210511-b6znfcl19e
MD5: 16ac48b497b41ed5c7c91151db5cb1bd
SHA1: 63e1e2fbad01c5bde26f5d0a03c7ff67be1f9de3
SHA256: 731d4912db7dffdbdad671f3606fcdf1aa28bc081f13a12dc59b08cafbb5e944
SHA512: 13a5d6aecf1d1acbd5015f9d79e7342c426492ab277be1a929cc5132769eff1021a5d46161fb61e991807b9a2ecdebbc67d50210391507b4d3421fa947ee5b2a
Static task: static1
Behavioral task: behavioral1
  Sample: incorrect bank accountdetails.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: incorrect bank accountdetails.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.mdist.us
Port: 587
Username: ln@mdist.us
Password: Ln#4321
Targets
Target: incorrect bank accountdetails.exe
Size: 1015KB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first sight, etc.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext