General
Target: BANK DETAILS.zip
Size: 506KB
Sample: 210722-j31qx87eax
MD5: d96806deb211163cce64cb6d8bfe76e1
SHA1: c0d8526c8b8f50023a91eaba2e2a9d50f89ae01f
SHA256: fe9a3933128b2954090c969682e654f1349ed093f45d4bd2e8546beff5497654
SHA512: 63c0152effbcf373f0824c60affc8e96fc3930a75bea5c9ce00f05225ab36d182c6b82e4100bd2ccebec8e53f0586b3f8a25796e1bda7e162e2cf1ad7d7dfe6d
Static task: static1
Behavioral task: behavioral1
Sample: BANK DETAILS.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: BANK DETAILS.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.framafilms.com
Port: 587
Username: framafilmsint@framafilms.com
Password: lister11
Targets
Target: BANK DETAILS.exe
Size: 894KB
MD5: fb06ed245f080393bbfe1ae577053085
SHA1: a003c960669f5a64ae182dcfc9d7185750a84f0d
SHA256: 2f639103b3a2a16f0eacad22c7df0a037c3a45d74cfe09ce96f86e13fe74a1b8
SHA512: cf75bb4fe26c743c3e448700a7baccb233f82113562afd46836beebe0593a21adc34d15de9dfa7918a034b6b75a8e2a4c989391c1b3dcf08a17dc8b0983932e3
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext