General
- Target: Bank details.r15
- Size: 375KB
- Sample: 210915-he714saaa6
- MD5: bf605903d8bcb21d342e4557264682e6
- SHA1: 8e5c0c07f2f483556415cf8bebdf8a5aad038c74
- SHA256: 0b12989e32cb7fd51824f5ad2d7e64e7535febf42d63c84626f6fb0a9a69b316
- SHA512: 3cb26436b71774885f8b0373a2115dc3448edec78bd10ff7486bdf8d0a2cd92eafdc84fddcff83e1c64b484d7f8c4814a83148f46cfd08bc31197a29e5e042b0
Static task: static1
Behavioral task: behavioral1
- Sample: Bank details.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: Bank details.exe
- Resource: win10-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: uscentral50.myserverhosts.com
- Port: 587
- Username: sales@radheatwaters.com
- Password: waters@789
Targets
- Target: Bank details.exe
- Size: 423KB
- MD5: 3bf82d500366aa323bab9365a2300c9a
- SHA1: 9228407c77e24e119e903a0aeffbc6b0ae6dfa0e
- SHA256: d27fd6c029cf8ee94e3765d738300478d94ce269c91b27e883b607684a86e393
- SHA512: 1bb55271378bca6be0b6773325e1542ea29e1d84fc589415ff2c364c1d81472194b51df9f39c37c62a0785255f256f1773dd65bc36f726e8eddad65e6a8402d7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext