General

Target: HSBC Customer Information.exe
Size: 120KB
Sample: 210915-jgwarsdbgq
MD5: 448f83467c61e465162daf7cf8d9e88f
SHA1: c627061336905606c2c26b2b460ac4246fd54ca5
SHA256: 4773c7c5c52d0163bfa32cb271399692831e00ff7e6877f0877091e111c9f063
SHA512: 1f72e8cc6ec0c5d8f82a47ccd0e8dfa91bb9e7e90a00b34a6a466c8823579e58330f4c709ecb6c580814c3875bf618c1cbb7a5c83f70e8be08dbe46ca1a41fe3
Static task
static1

Behavioral task
behavioral1
Sample: HSBC Customer Information.exe
Resource: win7-en

Behavioral task
behavioral2
Sample: HSBC Customer Information.exe
Resource: win10-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.qrextechnologies.com
Port: 587
Username: gmx@qrextechnologies.com
Password: 2)4#8tVp2d%q
Targets

Target: HSBC Customer Information.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Checks QEMU agent file
Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext