General
- Target: Bank details.r15
- Size: 430KB
- Sample: 210915-h9fkcadbdm
- MD5: 70f5025d205d5645a20334e99f5f48bb
- SHA1: 82b5d7f470041f03b019a63a80bd5e9b0dad0474
- SHA256: d3d17d9db04951cc221555f715f36a94a885505b03bebe685b2387cba23941e5
- SHA512: aadd6b122839121df47bf67b920846454a6070ea1f2ace175b287de542f8674d0b2ed0b6c738fd25f0f6ee975f3f0fad20dc6700c651617b7929000a1e2cb981
Static task: static1
Behavioral task: behavioral1 (Sample: Bank details.exe, Resource: win7-en)
Behavioral task: behavioral2 (Sample: Bank details.exe, Resource: win10-en)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: uscentral50.myserverhosts.com
- Port: 587
- Username: sales@radheatwaters.com
- Password: waters@789
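The extracted block above is the sample's exfiltration channel: stolen data is mailed out through the listed SMTP server with the listed account. The following is an added hunting example, not part of the Triage report or its tooling. It parses the config as printed on the page into fields, derives shareable indicators (the password is deliberately dropped), and correlates them against Zeek-style dns.log and smtp.log excerpts. The log excerpts, client IPs, resolved address and timestamps are constructed for illustration; only the protocol, host, port and username come from the report.

```python
"""Hunting helpers for the AgentTesla SMTP config extracted above.

Added example; not part of the original report. Only the protocol, host,
port and username come from the "Extracted" block. The Zeek-style dns.log
and smtp.log excerpts, IPs and timestamps below are constructed.
"""
import re

# The extracted config joined back onto one line, as the page prints it.
EXTRACTED_CONFIG = (
    "Protocol: smtp - Host: uscentral50.myserverhosts.com - Port: 587 - "
    "Username: sales@radheatwaters.com - Password: waters@789"
)


def parse_config(text):
    """Turn 'Key: value - Key: value' into a dict with lower-case keys.

    Split only on ' - ' with whitespace on both sides, so a bare '-' inside
    a value (an e-mail local part, a password) is not taken as a separator.
    """
    fields = {}
    for chunk in re.split(r"\s+-\s+", text.strip()):
        key, _, value = chunk.partition(":")
        fields[key.strip().lower()] = value.strip()
    fields["port"] = int(fields["port"])
    return fields


def indicators(cfg):
    """Indicators safe to paste into a ticket: endpoint and account, no password."""
    return {
        "c2_host": cfg["host"].lower(),
        "c2_port": cfg["port"],
        "protocol": cfg["protocol"].lower(),
        "exfil_account": cfg["username"].lower(),
    }


def parse_zeek_tsv(text):
    """Yield one dict per record of a Zeek TSV log, keyed by its #fields header.

    Real Zeek logs carry many more columns; keying by the header means they
    are simply ignored here.
    """
    names = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            names = line.split("\t")[1:]
        elif line and not line.startswith("#") and names:
            yield dict(zip(names, line.split("\t")))


def hunt(ioc, dns_log, smtp_log):
    """Flag clients that resolved the exfil server or used the exfil mailbox.

    Returns (ts, client_ip, reasons) tuples. Port 587 alone is not a signal,
    since legitimate mail submission uses it too: an smtp.log record counts
    only if it carries the stolen account, or goes to an IP that dns.log
    shows the exfil hostname resolving to.
    """
    hits = []
    resolved = set()
    for rec in parse_zeek_tsv(dns_log):
        if rec["query"].lower() == ioc["c2_host"]:
            resolved.update(ip for ip in rec["answers"].split(",") if ip)
            hits.append((rec["ts"], rec["id.orig_h"], ("dns lookup of exfil host",)))
    for rec in parse_zeek_tsv(smtp_log):
        reasons = []
        if ioc["exfil_account"] in (rec["mailfrom"].lower(), rec["rcptto"].lower()):
            reasons.append("smtp session with exfil account")
        if rec["id.resp_h"] in resolved and rec["id.resp_p"] == str(ioc["c2_port"]):
            reasons.append("smtp session to resolved exfil host")
        if reasons:
            hits.append((rec["ts"], rec["id.orig_h"], tuple(reasons)))
    return hits


# Constructed dns.log / smtp.log excerpts using RFC 5737 test addresses.
SAMPLE_DNS_LOG = (
    "#fields\tts\tid.orig_h\tquery\tanswers\n"
    "1631700040.2\t10.0.0.23\tuscentral50.myserverhosts.com\t198.51.100.7\n"
    "1631700041.0\t10.0.0.15\tmail.example.org\t203.0.113.10\n"
)
SAMPLE_SMTP_LOG = (
    "#fields\tts\tid.orig_h\tid.resp_h\tid.resp_p\tmailfrom\trcptto\n"
    "1631700000.1\t10.0.0.15\t203.0.113.10\t587\tuser@example.org\tfriend@example.net\n"
    "1631700042.7\t10.0.0.23\t198.51.100.7\t587\tsales@radheatwaters.com\tsales@radheatwaters.com\n"
    "1631700055.9\t10.0.0.23\t203.0.113.10\t25\tuser@example.org\tother@example.net\n"
)

if __name__ == "__main__":
    ioc = indicators(parse_config(EXTRACTED_CONFIG))
    for ts, src, reasons in hunt(ioc, SAMPLE_DNS_LOG, SAMPLE_SMTP_LOG):
        print(ts, src, "; ".join(reasons))
```

On the constructed logs this reports 10.0.0.23 twice: once for resolving the exfil hostname and once for the port 587 session that both uses the stolen account and goes to the resolved address. The DNS-to-IP correlation matters because the exfil host's address can change between the sandbox run and your own traffic; the account name is the more stable indicator and is worth searching in mail-gateway logs on its own.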
Targets
- Target: Bank details.exe
- Size: 659KB
- MD5: 32fd72c7e9a6cd0ff55fc8bff0e5f35b
- SHA1: 551bde013f7293697603297cebc56f95c7ed4467
- SHA256: 3074df21396eea8b2249995c040407d2d6edb3bbdc50ad46d706c44104f20817
- SHA512: 4f2140f3855bae39f293fb3c1c260a869e19e8c9283c0f6ae011222588d581d9386326c38ff017d459e64237a7df4e2f674a49646903c84037faf20fd4ad2323
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic); the SMTP account in the extracted config is the mailbox it sends stolen credentials and keystrokes to.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext (typical of a loader that starts a process suspended, replaces its image and redirects the main thread into the injected payload)
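The "Adds Run key to start application" signature is the one most worth turning into a host check during incident response. The script below is an added example, not the report's own tooling: it parses `reg query` output for the per-user and per-machine Run keys and flags values that point at a user-writable location or carry this sample's file name. The `reg query` text is constructed, and because the report does not name the value the sample writes, the "Updater" entry is an assumed example rather than an observed one.

```python
"""Host triage for the 'Adds Run key to start application' signature above.

Added example; not the report's own tooling. Feed it the text of
`reg query HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run` and the
HKLM equivalent from a suspect host. The output below is constructed; the
report does not say which value name AgentTesla writes, so the "Updater"
entry pointing at "Bank details.exe" is an assumption for illustration.
"""
import re

# Directories an unprivileged user can write to. A Run value pointing here
# deserves a look, but per-user installers (OneDrive, Teams) live there too,
# so a hit is a lead to follow up with a hash or signature check, not a verdict.
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)
# File name the sample ran under in the sandbox (from the report's Targets).
SAMPLE_NAMES = {"bank details.exe"}

# Constructed `reg query` output: an unindented key line, then indented values
# in the form "    <name>    <type>    <data>".
SAMPLE_REG_QUERY = """\
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    OneDrive    REG_SZ    "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background
    Updater    REG_SZ    C:\\Users\\alice\\AppData\\Roaming\\Bank details.exe

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\\system32\\SecurityHealthSystray.exe
"""

VALUE_LINE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)\s{2,}(.*)$")


def parse_reg_query(text):
    """Yield (key, name, type, data) for every value line under each key."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield (key,) + m.groups()


def executable_path(data):
    """Pull the program path out of a Run value's command line.

    Quoted paths are taken verbatim; otherwise the path runs up to the first
    '.exe', which copes with unquoted paths containing spaces.
    """
    data = data.strip()
    if data.startswith('"'):
        return data[1:data.find('"', 1)]
    m = re.match(r"(.+?\.exe)", data, re.IGNORECASE)
    return m.group(1) if m else data.split()[0]


def suspicious_run_entries(text):
    """Return Run values that point at a user-writable path or at this sample."""
    findings = []
    for key, name, _type, data in parse_reg_query(text):
        path = executable_path(data)
        reasons = []
        if path.lower().rsplit("\\", 1)[-1] in SAMPLE_NAMES:
            reasons.append("matches sample name")
        if USER_WRITABLE.search(path):
            reasons.append("user-writable path")
        if reasons:
            findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE_REG_QUERY):
        print(f["key"], f["name"], f["path"], ", ".join(f["reasons"]))
```

On the constructed data both HKCU entries are returned: the assumed "Updater" value on two counts, and OneDrive on the path heuristic alone, which is the expected false positive and the reason the next step is to hash the flagged file and compare it against the report's MD5/SHA256 before acting.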