General
- Target: Copy BL and Debit Note.exe
- Size: 526KB
- Sample: 211019-qe9hyaggbl
- MD5: bf3529f043b5bbd871d4fe1fa7dbd9b7
- SHA1: 0770c707d13b4b186bf926413b806bd88fe2bdfc
- SHA256: 33e67621d21b3a8a3afd7bd73c2ee1dadd4d9d18faa31b68f67bdd54f7804cd0
- SHA512: 39fedee0ce4b83dd382a0369953607cc5f06a498b06d4340e051ca13bdc66cd5e1f16439feb0af09e2ec665e80552d5856cb6bdba2dd5f26f39ffcc6205ddcf2
Static task: static1
Behavioral task: behavioral1
- Sample: Copy BL and Debit Note.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: Copy BL and Debit Note.exe
- Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.davaobay.com.ph
- Port: 587
- Username: [email protected]
- Password: p@ssw0rd
Targets
- Target: Copy BL and Debit Note.exe
- Size: 526KB
- MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext