General
Target: bank account.exe
Size: 780KB
Sample: 210728-dg7wa5nwmn
MD5: a5640ac4a8b294df8ced6dfd0ca544f3
SHA1: 94fc2bc720e88f5f1bcab268fd441c3f640d63c3
SHA256: c57c8d4d2e724683791c90f26d4499886ab0498688740b5433e1c4a36680564e
SHA512: c49a3f261ee1832bc41d887bf0b195ea707a4eb4fd15f46bd3ec55329169ae97d1953338e736532219b483b2954f76545544eb1e7fc632ea78c48b31bb012fbd
Static task: static1

Behavioral task: behavioral1
Sample: bank account.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: bank account.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: Mail.jingtai.com.vn
Port: 587
Username: [email protected]
Password: truongtuyen2209
Targets
Target: bank account.exe
Size: 780KB
MD5: a5640ac4a8b294df8ced6dfd0ca544f3
SHA1: 94fc2bc720e88f5f1bcab268fd441c3f640d63c3
SHA256: c57c8d4d2e724683791c90f26d4499886ab0498688740b5433e1c4a36680564e
SHA512: c49a3f261ee1832bc41d887bf0b195ea707a4eb4fd15f46bd3ec55329169ae97d1953338e736532219b483b2954f76545544eb1e7fc632ea78c48b31bb012fbd
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext