General
Target: Bank details.exe
Size: 639KB
Sample: 210728-2r2ww8krya
MD5: 3046ccc1f0525c0b8a021ac68c6956c1
SHA1: a6d9ddc23d9be64db5031a4e3a0f442c5e3084d9
SHA256: fe002c6ea5fb08da2485b6ccfdc4f6cb32870afb57ae851b49aae5b3a74b5f80
SHA512: 9cd2c359c37cd83e6ef6c07a83d01b69f3dd93a0defdef8a305a6209a4fe3c9695f3b100c5329a94324b2c996bf5d9b20d73dba8cfa58305d905c6da791a68f5
Static task: static1
Behavioral task: behavioral1 (Sample: Bank details.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: Bank details.exe, Resource: win10v20210410)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.qwerrrty.us
Port: 587
Username: 1stman@qwerrrty.us
Password: 4p(N#wZ]=7T98Hu)
Targets
Target: Bank details.exe
Size: 639KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext