General
- Target: bank details.zip
- Size: 1014KB
- Sample: 211017-3x7taachg6
- MD5: 76520584d52896b438e54427ffb83d8d
- SHA1: 38279ee9aed2bfc51a1dc2882b8c7af76302b77b
- SHA256: 91c08744ee4214190e3a4c8216ec620373a869e9bfbce3f9db00d01590def08c
- SHA512: d2fdc93bfccf634823b3c698ef751a0749e3ed1314481bb8eaeb0a5cb7950981df2cf5afee5a40edf87805ed9a3c89493035c31863e1a0ef860d624e08ca1571
Static task: static1
Behavioral task: behavioral1
- Sample: bank details.exe
- Resource: win7-en-20211014
Behavioral task: behavioral2
- Sample: bank details.exe
- Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.coquettenola.com
- Port: 587
- Username: [email protected]
- Password: mandicakes2015
Targets
- Target: bank details.exe
- Size: 1.1MB
- MD5: eb86275aeb317d404d5b8fda23f673aa
- SHA1: ad010abd23862d25925fbbf4757f9e71907fe9cd
- SHA256: 0be3682accde2a88d78e2516998a4e19a01d116a1a66fadf903b60326b92cca8
- SHA512: 29cb4e46129a828ca26133426c5f4dde20eccc13c8e178e6288f788ec38686c39623c1c25ea6a2275e9430336b34bf61c9f2cbfdea85c0651fe93a941dcc21de
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext