Overview

overview

10

Static

static

10

prbsbnk21n...df.exe

windows7_x64

1

prbsbnk21n...df.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    prbsbnk21nov11.pdf.exe

  • Size

    214KB

  • Sample

    211112-n985jsadep

  • MD5

    fcd9a3c4fcaaa8b79160097217e72990

  • SHA1

    1952f5b38218ea08e2efa6f00ef3537df675b805

  • SHA256

    57bed7441de5b4e401bd3237d44b5fffcbc8ff4a88569959edea7573bdd13ded

  • SHA512

    19e4ebe418d44fb3bcc848dc484a30961106af0204f2ffd20b57ea67cc618404c1a369d248971d3dc5f47d2e66cfeca98a94adec2d05f597b134229cb3e9f483

Score
10/10
agentteslamicrosoftphishing

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.meyaargroup.com
  • Port:
    587
  • Username:
    info@meyaargroup.com
  • Password:
    Meyaar@123$

Targets

    • Target

      prbsbnk21nov11.pdf.exe

    • Size

      214KB

    • MD5

      fcd9a3c4fcaaa8b79160097217e72990

    • SHA1

      1952f5b38218ea08e2efa6f00ef3537df675b805

    • SHA256

      57bed7441de5b4e401bd3237d44b5fffcbc8ff4a88569959edea7573bdd13ded

    • SHA512

      19e4ebe418d44fb3bcc848dc484a30961106af0204f2ffd20b57ea67cc618404c1a369d248971d3dc5f47d2e66cfeca98a94adec2d05f597b134229cb3e9f483

    Score
    7/10
    microsoftphishing

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks