General
Target: Bank Slip.r11
Size: 570KB
Sample: 211201-rwv8bachgq
MD5: 4a8bb19bb98e81252bd905f2a5873e85
SHA1: 30597f54bd97ceb79b0d2f00ce432324ad738455
SHA256: 9928bc779e691c6dc94a0adb34dd18b6905c50bf4b7699c7d878a2421e145c5d
SHA512: 0541b6d09796725cc9ac03514e632a14d99c7dea141c00e5a1f774aaefe1aa17431c956c883a10294795206c2ef502c2a31cab29d3a92822c573c08fe158ac02
Static task: static1
Behavioral task: behavioral1 (Sample: Bank Slip.exe, Resource: win7-en-20211104)
Behavioral task: behavioral2 (Sample: Bank Slip.exe, Resource: win10-en-20211014)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.waterchem.com.tr
Port: 587
Username: [email protected]
Password: Q]b9[cc7kHK&
Targets
Target: Bank Slip.exe
Size: 609KB
MD5: 23415766fdffe2d1e3df520326e3326c
SHA1: e1d773dbd8164c620b926d1f9bcfde9910840b8b
SHA256: 2cf586182f56dcc1131459031b5dca2b6c3037f5c8bc39b70ab226972b5d3d9d
SHA512: 2ab7d544257ecacbad91e5185d8e087728d9d3ffda3300458a6f82720743c1eddad3b55bc51f2d8c015dc0cfabab5ff676ebc36612f4187f64f1be0c018061d0
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext