General
-
Target
SEB Banka_maksajuma kopija_pdf.iso
-
Size
1.2MB
-
Sample
211202-kyj5hadfen
-
MD5
a886ec3648042316f1e9ac1db3dd00c4
-
SHA1
ff5902c6f8a6cb141d9bbd3d59ecafd4357b8372
-
SHA256
ff97953e40782435e5aab8bf6469f7817f45f1c1f7f10961b406002e781fe6e7
-
SHA512
3d3f03400730898ae7d47a61054523472c60c2241fa499a999599ebf6788b25fba30aeb1901a7b14bb3305e09121b9c2c2d560f84b2e71141b9c391599f64257
Static task
static1
Behavioral task
behavioral1
Sample
SEB_BANK.EXE
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
SEB_BANK.EXE
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ingeniumhea.com
Port: 587
Username: mantenimiento@ingeniumhea.com
Password: IngeniumM18
Targets
Target
SEB_BANK.EXE
-
Size
27KB
-
MD5
ed3366cb849f6d62bb381e66d96b42ff
-
SHA1
41dd0051e764c1d2bf820b753c41f249fd25ba8a
-
SHA256
13f1dfeffed355ec22cb812a98ae895fa0ac4f5e83f9ff5598649b3933f0d53e
-
SHA512
6423e833a759a989a6d23ee03d244771d05c2a292ecb420e5b641ec047fa33fec2ba7e96d909474689480804298baa3d54f554f4e11954b742cd6c10dda7feec
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext