General
Target: HSBC Customer Information.exe
Size: 316KB
Sample: 210830-keas459kbs
MD5: 63ed62778eedac4623c8f38473272ea9
SHA1: ad1ff87b5385d12c24a683944c63e7f12326896c
SHA256: 2fe02bf6a1fdfa0d584fad4a2c52aa2fa216f588e2ef93e42c00561c2b745731
SHA512: 5b1a385567b0792c4f13fa67908a1a092033a804170062fc8a9f281f9588487c779bbedd9e3cb859a644572f4a7063ef31527e0808a03e64ddc3a5349a84da49
Static task: static1
Behavioral task: behavioral1
  Sample: HSBC Customer Information.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: HSBC Customer Information.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.manojengineeringllc.solutions
Port: 587
Username: barrister-ricky@manojengineeringllc.solutions
Password: hzmhA.wxasxF
Targets
Target: HSBC Customer Information.exe
Size: 316KB
MD5: 63ed62778eedac4623c8f38473272ea9
SHA1: ad1ff87b5385d12c24a683944c63e7f12326896c
SHA256: 2fe02bf6a1fdfa0d584fad4a2c52aa2fa216f588e2ef93e42c00561c2b745731
SHA512: 5b1a385567b0792c4f13fa67908a1a092033a804170062fc8a9f281f9588487c779bbedd9e3cb859a644572f4a7063ef31527e0808a03e64ddc3a5349a84da49
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks QEMU agent file
Checks for the presence of the QEMU guest agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext