General

Target: HSBC payment advice EGHKEB0C01725410-T02-pdf.gz
Size: 855KB
Sample: 210511-qlldm6xshs
MD5: 4ef48db6bd9e56a4ca8145eeb63e3487
SHA1: bb0f2c1b3de142501d6a66ff514f4facb351305d
SHA256: 34a8e4ae7107286f0b77c6fd8606a9a7646951d653807af30a73342de87580d3
SHA512: 36a36a875e128ae29af92d8fcef478ac7b358620ee97aa28f99719f2d54c7a1a0a21ce084ff77f517945e380344025d9fdd6315a54e2adb289104a4551c068cf
Static task: static1

Behavioral task: behavioral1
Sample: HSBC payment advice EGHKEB0C01725410-T02-pdf.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: HSBC payment advice EGHKEB0C01725410-T02-pdf.exe
Resource: win10v20210408
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.wavesbd.com
Port: 587
Username: sales@wavesbd.com
Password: Wm#Vtyv{?y4(

This is the stealer's exfiltration channel: AgentTesla authenticates to the configured SMTP account and mails harvested credentials and keystrokes to it. The account is attacker-controlled (or a compromised mailbox the attacker uses), so the host, port and username are the network indicators to block and hunt for, not victim data.
Targets

Target: HSBC payment advice EGHKEB0C01725410-T02-pdf.exe
Size: 949KB
MD5: 295b078a224bfe38d0a8fed921ed744e
SHA1: e053703028052259eeb6f7aab186500d93898ba0
SHA256: 7bc6a25d60011a784a488b24aef18f3352edacc5a9b81ce5f2410e9c4448e208
SHA512: 8b1d60fcfa4ee29cd48a231440444db99ac48e73dba32a5f437858da841fa9864b2e5cac9382f16f62a11887a476b0dd8630b8bb1286873f06dda7169db7cbf9
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic).

AgentTesla Payload
Suspicious use of SetThreadContext (the call used to redirect a suspended thread to injected code; together with a suspended child process and remote memory writes it is the signature of process hollowing)
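The lure in this report is a ".gz" named to look like a PDF ("...-pdf.gz") that unpacks to a ".exe" with the same document-style name. The following is an added example, not part of the sandbox report or the Triage tooling: it decompresses such a container in memory with a size cap, identifies the payload by magic bytes rather than by name, flags an executable hiding behind a document-looking name, and compares the payload's hashes with the ones the report lists. The report's hashes are copied in as constants; the sample bytes (FAKE_EXE, a bare DOS stub) and the cap MAX_INNER are constructed for the demonstration and will not match the report, which is what the hash check is meant to show.

```python
"""Added example: inspect a .gz lure in memory, fingerprint what it unpacks to,
and check both layers against the hashes a sandbox report lists."""
import gzip
import hashlib
import io
import re
from typing import Optional

# Hashes copied from the report above (container and the executable inside it).
REPORT = {
    "HSBC payment advice EGHKEB0C01725410-T02-pdf.gz": {
        "md5": "4ef48db6bd9e56a4ca8145eeb63e3487",
        "sha256": "34a8e4ae7107286f0b77c6fd8606a9a7646951d653807af30a73342de87580d3",
    },
    "HSBC payment advice EGHKEB0C01725410-T02-pdf.exe": {
        "md5": "295b078a224bfe38d0a8fed921ed744e",
        "sha256": "7bc6a25d60011a784a488b24aef18f3352edacc5a9b81ce5f2410e9c4448e208",
    },
}
MAX_INNER = 64 * 1024 * 1024          # decompression cap (assumption: 64 MiB)
DOC_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx"}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def sniff(data: bytes) -> str:
    """Identify content by magic bytes, never by file name."""
    if data[:2] == b"\x1f\x8b":
        return "gzip"
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] == b"%PDF":
        return "pdf"
    return "unknown"


def claims_document(name: str) -> bool:
    """True when the name advertises a document ('...-pdf.exe', 'x.pdf.gz')."""
    base = name.lower()
    if base.endswith(".gz"):
        base = base[:-3]
    return any(tok in DOC_TOKENS for tok in re.split(r"[^a-z0-9]+", base))


def hashes_of(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def matches(hashes: dict, expected: dict) -> bool:
    """Every algorithm present in `expected` must agree (case-insensitive hex)."""
    return bool(expected) and all(hashes.get(a) == h.lower() for a, h in expected.items())


def triage_gz(name: str, blob: bytes, expected_inner: Optional[dict] = None) -> dict:
    """Decompress in memory, fingerprint the payload, flag a name/content mismatch."""
    result = {
        "container": sniff(blob),
        "container_hashes": hashes_of(blob),
        "inner": None,
        "inner_hashes": None,
        "disguised": False,
        "inner_hash_match": None,
    }
    if result["container"] != "gzip":
        return result
    with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
        inner = gz.read(MAX_INNER + 1)    # one byte past the cap exposes a bomb
    if len(inner) > MAX_INNER:
        raise ValueError("decompressed payload exceeds MAX_INNER")
    result["inner"] = sniff(inner)
    result["inner_hashes"] = hashes_of(inner)
    # An executable behind a document-looking name is the lure pattern in this report.
    result["disguised"] = result["inner"] == "pe" and claims_document(name)
    if expected_inner is not None:
        result["inner_hash_match"] = matches(result["inner_hashes"], expected_inner)
    return result


# Constructed sample input: a bare DOS stub, not a real PE and not the report's sample.
FAKE_EXE = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n"
FAKE_LURE = gzip.compress(FAKE_EXE)
FAKE_NAME = "Invoice 2021-pdf.gz"

if __name__ == "__main__":
    r = triage_gz(FAKE_NAME, FAKE_LURE,
                  REPORT["HSBC payment advice EGHKEB0C01725410-T02-pdf.exe"])
    print(r["container"], "->", r["inner"], "| disguised:", r["disguised"],
          "| matches report:", r["inner_hash_match"])
```

Running it against the real lure (substituting the file's bytes and its name) would report `gzip -> pe`, `disguised: True`, and `matches report: True` only if the unpacked bytes hash to the SHA256 listed under Targets; the read cap matters because a gzip stream can expand far beyond its 855KB on-disk size.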