General

Target: HSBC payment advice EGHKEB0C01725410-T02-pdf.gz.exe
  (double extension: a Windows executable dressed up as a gzipped PDF "payment advice", a common phishing lure)
Size: 949KB
Sample: 210511-fpt4hnz1rs
MD5: 295b078a224bfe38d0a8fed921ed744e
SHA1: e053703028052259eeb6f7aab186500d93898ba0
SHA256: 7bc6a25d60011a784a488b24aef18f3352edacc5a9b81ce5f2410e9c4448e208
SHA512: 8b1d60fcfa4ee29cd48a231440444db99ac48e73dba32a5f437858da841fa9864b2e5cac9382f16f62a11887a476b0dd8630b8bb1286873f06dda7169db7cbf9
Static task: static1
Behavioral task: behavioral1
  Sample: HSBC payment advice EGHKEB0C01725410-T02-pdf.gz.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: HSBC payment advice EGHKEB0C01725410-T02-pdf.gz.exe
  Resource: win10v20210408
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.wavesbd.com
Port: 587
Username: sales@wavesbd.com
Password: Wm#Vtyv{?y4(

This is the stealer's exfiltration channel: it authenticates to this mailbox over SMTP submission (port 587) and mails out the harvested data, so the host, port and account are usable as network and credential indicators.
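The extracted config is the most actionable thing on this page, but the report flattens it into one "Key: value - Key: value" string whose last field (the password) is free-form. The following is an added example, not the sandbox's code or the malware's: it parses the config exactly as the report renders it and then uses it to pick out exfiltration attempts in mail/connection telemetry. The telemetry records and their field names (src, dst_host, dst_port, smtp_user) are constructed for the demo and are an assumption.

```python
"""Parse the AgentTesla SMTP config as this report flattens it, then use it
to pick out exfiltration attempts in mail/connection telemetry.

Added example for this page; not the sandbox's code or the malware's.  The
config text is copied from the report above; the telemetry records are
constructed for the demo and their field names are an assumption.
"""
import re

# Copied from the report, including the line breaks and the missing space in
# "smtp- Host:" that the page's rendering introduced.
RAW_CONFIG = """Protocol: smtp- Host:
mail.wavesbd.com - Port:
587 - Username:
sales@wavesbd.com - Password:
Wm#Vtyv{?y4("""

# Split on " - Key:" boundaries rather than on punctuation: the password is
# free-form (here it contains '#', '{', '?', '('), so only the known key names
# are safe delimiters.
_KEY_RE = re.compile(r"\s*-?\s*(Protocol|Host|Port|Username|Password):\s*")


def parse_agenttesla_config(text):
    """Return {'protocol', 'host', 'port' (int), 'username', 'password'}."""
    flat = " ".join(text.split())          # undo the page's line wrapping
    parts = _KEY_RE.split(flat)            # ['', 'Protocol', 'smtp', 'Host', ...]
    if parts[0].strip():
        raise ValueError("config does not start with a known key: %r" % parts[0])
    cfg = {k.lower(): v.strip() for k, v in zip(parts[1::2], parts[2::2])}
    missing = {"protocol", "host", "port", "username", "password"} - set(cfg)
    if missing:
        raise ValueError("config is missing %s" % sorted(missing))
    cfg["port"] = int(cfg["port"])
    return cfg


def find_exfil(cfg, records):
    """Return the telemetry records that use the stealer's exfil channel.

    A record matches if it connects to the configured host *and* port, or if
    it authenticates as the configured mailbox on any port (operators re-point
    the same account at other ports, so the account is the stronger indicator).
    A host-only match is deliberately not enough: the mail server may also
    serve legitimate users of that domain.
    """
    host, port, user = cfg["host"].lower(), cfg["port"], cfg["username"].lower()
    hits = []
    for rec in records:
        to_c2 = rec.get("dst_host", "").lower() == host and rec.get("dst_port") == port
        as_mailbox = rec.get("smtp_user", "").lower() == user
        if to_c2 or as_mailbox:
            hits.append(rec)
    return hits


# Constructed telemetry: a normal mail submission, a connection to the
# extracted host/port, an AUTH as the extracted mailbox on a different port,
# and an unrelated HTTPS connection to the same host.
SAMPLE_RECORDS = [
    {"src": "10.0.0.15", "dst_host": "smtp.office365.com", "dst_port": 587,
     "smtp_user": "alice@example.com"},
    {"src": "10.0.0.23", "dst_host": "mail.wavesbd.com", "dst_port": 587},
    {"src": "10.0.0.23", "dst_host": "mail.wavesbd.com", "dst_port": 25,
     "smtp_user": "sales@wavesbd.com"},
    {"src": "10.0.0.42", "dst_host": "mail.wavesbd.com", "dst_port": 443},
]

if __name__ == "__main__":
    cfg = parse_agenttesla_config(RAW_CONFIG)
    for rec in find_exfil(cfg, SAMPLE_RECORDS):
        print("possible AgentTesla exfil from", rec["src"], "->",
              rec["dst_host"], rec["dst_port"])
```

Running it flags the two records from 10.0.0.23 and leaves the HTTPS connection to the same host alone; if your environment has no legitimate reason to talk to that mail server at all, loosen `find_exfil` to a host-only match.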
Targets

Target: HSBC payment advice EGHKEB0C01725410-T02-pdf.gz.exe (same size and hashes as listed under General)
Score: 10/10

AgentTesla: Agent Tesla is a .NET-based (originally VB.NET) information stealer and remote access tool (RAT); the SMTP settings extracted above are its exfiltration config.
AgentTesla Payload: the AgentTesla payload itself was detected.
Suspicious use of SetThreadContext: calling SetThreadContext on a thread of another process is the signature step of process hollowing. The loader spawns a legitimate process suspended, overwrites its image with the payload, points the main thread's instruction pointer at the payload's entry with SetThreadContext and resumes it. For packed AgentTesla builds this is typically how the stub hands off to the real payload, so the stealer runs under a process name that looks legitimate; correlate this hit with a CREATE_SUSPENDED process start and WriteProcessMemory from the same parent.
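A single SetThreadContext call is weak evidence on its own (debuggers and exception handling use it on a process's own threads); what makes the signature above meaningful is the sequence around it. The following is an added example, not the sandbox's detection logic: it runs the process-hollowing sequence check over a constructed API trace whose line format ("pid tid api target_pid key=value...") is an assumption made for the demo.

```python
"""Flag the process-hollowing API sequence behind a 'Suspicious use of
SetThreadContext' hit.

Added example for this page, not the sandbox's code.  The trace format is
constructed: one API call per line, "pid tid api target_pid [key=value ...]".
"""
from collections import defaultdict

# Ordered steps that must all appear, per (caller, target) pair.
# NtUnmapViewOfSection / VirtualAllocEx are common but optional, so they are
# not required; newer loaders skip the unmap entirely.
REQUIRED = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]
CREATE_SUSPENDED = 0x4   # dwCreationFlags bit for CreateProcess


def parse_trace(lines):
    """Turn trace lines into dicts; blank lines are skipped."""
    events = []
    for line in lines:
        if not line.strip():
            continue
        pid, tid, api, target, *extra = line.split()
        kv = dict(item.split("=", 1) for item in extra)
        events.append({"pid": int(pid), "tid": int(tid), "api": api,
                       "target": int(target), "extra": kv})
    return events


def _canonical(api):
    # CreateProcessW / CreateProcessA / CreateProcessAsUserW all count the same.
    return "CreateProcess" if api.startswith("CreateProcess") else api


def detect_hollowing(lines):
    """Return one finding per (caller, target) pair showing the full sequence."""
    per_pair = defaultdict(list)
    for ev in parse_trace(lines):
        if ev["target"] == ev["pid"]:
            continue   # SetThreadContext on your own threads is not injection
        per_pair[(ev["pid"], ev["target"])].append(ev)

    findings = []
    for (caller, target), evs in per_pair.items():
        idx = 0
        for ev in evs:                     # events are in trace order
            api = _canonical(ev["api"])
            if api != REQUIRED[idx]:
                continue
            if api == "CreateProcess":
                flags = int(ev["extra"].get("flags", "0"), 16)
                if not flags & CREATE_SUSPENDED:
                    continue               # a normal start is not hollowing
            idx += 1
            if idx == len(REQUIRED):
                findings.append({"caller": caller, "target": target,
                                 "apis": [e["api"] for e in evs]})
                break
    return findings


# Constructed trace: pid 1234 hollows pid 5678; pid 1234 also touches its own
# thread context (benign); pid 9999 starts 7777 normally and writes to it once.
TRACE = """\
1234 1 CreateProcessW 5678 flags=0x4
1234 1 NtUnmapViewOfSection 5678
1234 1 VirtualAllocEx 5678
1234 1 WriteProcessMemory 5678
1234 1 SetThreadContext 5678
1234 1 ResumeThread 5678
1234 2 SetThreadContext 1234
9999 1 CreateProcessW 7777 flags=0x0
9999 1 WriteProcessMemory 7777
""".splitlines()

if __name__ == "__main__":
    for f in detect_hollowing(TRACE):
        print("process hollowing: pid %d -> pid %d via %s"
              % (f["caller"], f["target"], " > ".join(f["apis"])))
```

Keying the state machine on the (caller, target) pair and requiring CREATE_SUSPENDED on the initial CreateProcess is what keeps this quiet on installers and debuggers; if your telemetry exposes it, also requiring that WriteProcessMemory land at the target's image base tightens it further.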