General
Target: 6a6904fef61581e401e942e8d0528d1d5e356b2f41d4792e61b7fe439db18bec
Size: 493KB
Sample: 220520-3ck4sagfc6
MD5: 6d3e15524a30bf9922d77611c1da5d8a
SHA1: ef20aab0661f7fe6d5b13df39e8aee957cee2f08
SHA256: 6a6904fef61581e401e942e8d0528d1d5e356b2f41d4792e61b7fe439db18bec
SHA512: 81310a3f05fdf6da1be378f7bfa8726141b650aa6506c2fd4313d4986f7ea5b6d6c53ac2545301a4d241bf4bbd07ef2a61291a3ebeb6058b80f2aab1945708f5
Static task: static1
Behavioral task: behavioral1, Sample: bank TT slip.exe, Resource: win7-20220414-en
Behavioral task: behavioral2, Sample: bank TT slip.exe, Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.prcpl.com
Port: 587
Username: [email protected]
Password: jyotika@2015
Port 587 is the SMTP submission port: the stolen data leaves the host as authenticated mail sent through this mailbox, so the credential pair is the attacker's drop account rather than a victim credential, and the host and account are the indicators worth blocking and reporting.
Targets
Target: bank TT slip.exe
Size: 721KB
MD5: fb34717ca05cea78fac1c7a48e7e5684
SHA1: c137cd16f0fe4021aebbe34a8fc6e262605ca45b
SHA256: e9a4d51808c53409c7e5e76b6a0201804ca6cbe8ee2d8cc473e2b8c56503ba1b
SHA512: bce62bd0d47b3d627e063b93260e27a68a64816527d166f9c6e6022fe56f04258e7daa38d05bb446d9ccf3f2ad8fe1de87dab8d532dd11b6dcf09c0685c4daf0
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP, which is why the extracted config above is an SMTP mailbox credential.
Signatures matched:
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles: stored mail account settings and credentials are a primary theft target.
Adds Run key to start application: persistence through a CurrentVersion\Run value.
Suspicious use of SetThreadContext: typically part of process hollowing, where the payload is written into a suspended process and the thread context is redirected to the injected entry point.
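The indicators in this report can be turned directly into detection logic. The Python below is an added example, not part of the sandbox report or of any vendor tooling: it takes the extracted exfil host and port, the hashes of bank TT slip.exe and the Run-key behaviour from the signatures above and runs them over a few constructed telemetry lines. The key=value log format, the mail-client allowlist and the user-writable directory list are assumptions made for the example. It goes one step beyond the report by also flagging any SMTP submission (tcp/587) from a process that is not a mail client, which catches the same exfil technique when the mailbox host changes. SetThreadContext and Outlook profile access are left to the sandbox signatures, since they need API-level telemetry rather than log lines like these.

```python
"""Added example: detection rules built from the report's Agent Tesla indicators,
run over constructed telemetry. Not code from the sandbox or the malware."""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

# Indicators taken from the report above.
EXFIL_HOST = "mail.prcpl.com"
SMTP_SUBMISSION_PORT = "587"
SAMPLE_HASHES = {
    "md5": "fb34717ca05cea78fac1c7a48e7e5684",
    "sha1": "c137cd16f0fe4021aebbe34a8fc6e262605ca45b",
    "sha256": "e9a4d51808c53409c7e5e76b6a0201804ca6cbe8ee2d8cc473e2b8c56503ba1b",
}
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.IGNORECASE)

# Assumptions for this example, not from the report: processes that may
# legitimately speak SMTP submission, and directories a non-elevated dropper can write.
MAIL_CLIENT_IMAGES = ("\\outlook.exe", "\\thunderbird.exe")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")

# Constructed key=value telemetry format; quoted values may contain spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    ts: str
    detail: str


def parse_event(line: str) -> dict:
    """Parse one telemetry line into a dict with lower-cased keys."""
    return {k.lower(): v.strip('"') for k, v in FIELD_RE.findall(line)}


def check_known_hash(ev: dict) -> Optional[Finding]:
    """Any hash field equal to one of the report's hashes for bank TT slip.exe."""
    for algo, digest in SAMPLE_HASHES.items():
        if ev.get(algo, "").lower() == digest:
            subject = ev.get("target") or ev.get("image") or "?"
            return Finding("agenttesla_known_sample", "high", ev.get("ts", "?"),
                           f"{algo} of {subject} matches the report")
    return None


def check_smtp_exfil(ev: dict) -> Optional[Finding]:
    """Exact C2 host is high; any non-mail-client process on tcp/587 is medium."""
    if ev.get("event") != "NetworkConnect":
        return None
    image = ev.get("image", "").lower()
    dst = ev.get("dst", "").lower()
    if dst == EXFIL_HOST:
        return Finding("agenttesla_c2_host", "high", ev.get("ts", "?"),
                       f"{image} connected to extracted exfil host {dst}")
    if ev.get("dport") == SMTP_SUBMISSION_PORT and not image.endswith(MAIL_CLIENT_IMAGES):
        return Finding("smtp_submission_from_non_mail_client", "medium", ev.get("ts", "?"),
                       f"{image} -> {dst}:{ev['dport']}")
    return None


def check_run_key(ev: dict) -> Optional[Finding]:
    """Run/RunOnce value whose command lives in a user-writable directory."""
    if ev.get("event") != "RegistryValueSet":
        return None
    key = ev.get("key", "")
    value = ev.get("value", "").lower()
    if RUN_KEY_RE.search(key) and any(d in value for d in USER_WRITABLE):
        return Finding("run_key_to_user_writable_path", "medium", ev.get("ts", "?"),
                       f"{key} = {value}")
    return None


RULES: List[Callable[[dict], Optional[Finding]]] = [check_known_hash, check_smtp_exfil, check_run_key]


def scan(lines) -> List[Finding]:
    """Run every rule over every parsable line; unparsable lines are skipped."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        if not ev:
            continue
        findings.extend(f for f in (rule(ev) for rule in RULES) if f)
    return findings


# Constructed telemetry (not real EDR/Sysmon output) modelled on the report's behaviours.
SAMPLE_TELEMETRY = [
    'ts=2022-05-20T03:12:40Z event=FileCreate image="C:\\Program Files\\7-Zip\\7zFM.exe" '
    'target="C:\\Users\\victim\\Downloads\\bank TT slip.exe" '
    'sha256=e9a4d51808c53409c7e5e76b6a0201804ca6cbe8ee2d8cc473e2b8c56503ba1b',
    'ts=2022-05-20T03:12:44Z event=RegistryValueSet image="C:\\Users\\victim\\Downloads\\bank TT slip.exe" '
    'key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update '
    'value="C:\\Users\\victim\\AppData\\Roaming\\Update.exe"',
    'ts=2022-05-20T03:12:51Z event=NetworkConnect image="C:\\Users\\victim\\Downloads\\bank TT slip.exe" '
    'dst=mail.prcpl.com dport=587 proto=tcp',
    'ts=2022-05-20T03:15:02Z event=NetworkConnect image="C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE" '
    'dst=smtp.office365.com dport=587 proto=tcp',
    'ts=2022-05-20T03:16:10Z event=NetworkConnect image="C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe" '
    'dst=smtp.gmail.com dport=587 proto=tcp',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_TELEMETRY):
        print(f"[{f.severity:6}] {f.ts} {f.rule}: {f.detail}")
```

Run as a script it prints four findings for the five constructed lines: the known hash, the Run key into AppData, the connection to mail.prcpl.com, and the unknown Temp binary on tcp/587; the OUTLOOK.EXE submission is correctly ignored. The generic tcp/587 rule is deliberately medium severity because legitimate non-Outlook senders exist in most estates; tune MAIL_CLIENT_IMAGES to the environment before deploying it.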