General
-
Target
Confirm bank details HSBC 385833392004pdf.exe
-
Size
702KB
-
Sample
211020-ldl9ssggh7
-
MD5
1515d4575f651de0cf97c6d26af7f540
-
SHA1
e7e3855eafe2e436117fd9f8c27048a6af4962c7
-
SHA256
5cfa399db38ddded208036cb0532b2cec2723f6e3895ba43eb08810226187d6f
-
SHA512
f7c23b15728ae43ba336668e28a2280dd9e047adc622f1e07eade6240ec9e750d4d6a665d6a94324158c7c2beb984a80a7cc9617ee89f751139eeb280d6d570a
Static task
static1
Behavioral task
behavioral1
Sample
Confirm bank details HSBC 385833392004pdf.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Confirm bank details HSBC 385833392004pdf.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: qHuEFqv8
Targets
-
-
Target
Confirm bank details HSBC 385833392004pdf.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-