General
-
Target
bank account details.exe
-
Size
1.1MB
-
Sample
210727-wzydqtln7s
-
MD5
6fa33275b4f3de73faabdd5dc084f0c9
-
SHA1
8b624a452820e2949eec05c2e16c6cb0cd685c12
-
SHA256
54997c9767d784fc3d566238940f84541c4b614ec794aceeb84d2bb8a4104bf5
-
SHA512
3854b0e82dae57b39d4cdbe4f82b044b08c618975878f68e2371e8de7df20c274a67187d1b02b1fcfe0153a195e6884bdba1bd23f55a0f315fe6823bb68cccbf
Static task
static1
Behavioral task
behavioral1
Sample
bank account details.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
bank account details.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tejoofashions.com - Port:
587 - Username:
it@tejoofashions.com - Password:
OmiCron#2019
Targets
-
-
Target
bank account details.exe
-
Size
1.1MB
-
MD5
6fa33275b4f3de73faabdd5dc084f0c9
-
SHA1
8b624a452820e2949eec05c2e16c6cb0cd685c12
-
SHA256
54997c9767d784fc3d566238940f84541c4b614ec794aceeb84d2bb8a4104bf5
-
SHA512
3854b0e82dae57b39d4cdbe4f82b044b08c618975878f68e2371e8de7df20c274a67187d1b02b1fcfe0153a195e6884bdba1bd23f55a0f315fe6823bb68cccbf
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-