General
Target: 0affaf2fb7d456ec4a5b5d71284ca20a79f6441deb4f86dae15649557dd7f62f
Size: 422KB
Sample: 220520-3d1wmagga7
MD5: fb4cd002ccf15d341fffebb0a42af274
SHA1: af191e260af2b8ebdf8990d0648665754a74ce22
SHA256: 0affaf2fb7d456ec4a5b5d71284ca20a79f6441deb4f86dae15649557dd7f62f
SHA512: b120a28188f56e125a954dab49a7a77c02567ce779e107649bc4dd9ad3515e284ac10a1d69318364167a52cfba88bd658f635721e26b55735a8f5e8d79c9c27b
Static task: static1
Behavioral task: behavioral1
  Sample: bank transfer.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: bank transfer.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla (the same configuration was recovered twice)
Protocol: smtp
Host: mail.threewaystoharems.com
Port: 587
Username: [email protected]
Password: sales@123456
Targets
Target: bank transfer.exe
Size: 524KB
MD5: f8fd00da4cff6984403946ddefebc4f2
SHA1: 3f7fbe8fb58f4ed51a5ef2aca94ca6f783cba8fe
SHA256: a78982f275b83bfca636dca08c404c5952fbf86cba13813fb6d5e2f12ff60986
SHA512: 43d447e19b71708921d89dfa08232f2c3c9bc0f84b03546f6d7e14e2964d077ae0301c981b32cac0e807ab0ce76a8a5d297314fd4a4b204db5c7f4e3710ebae2
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests credentials from browsers and mail clients and exfiltrates them over SMTP, FTP or HTTP; the configuration extracted from this sample (see Malware Config above) uses SMTP submission on port 587 to mail.threewaystoharems.com with the listed mailbox credentials.
AgentTesla Payload
Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys where stored mail account credentials live)
Adds Run key to start application (persistence through a CurrentVersion\Run registry value that points at the dropped executable)
Suspicious use of SetThreadContext (redirecting a suspended thread's execution context, the pattern used by process hollowing and RunPE-style injection)
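The following is an added example and not part of the sandbox output above. It parses the extracted AgentTesla configuration (copied from this report, including the page's "- " list separators), turns it into network indicators, checks a file hash against the report's SHA-256 values, and flags Run-key persistence of the kind the "Adds Run key to start application" signature describes. The connection log and Sysmon-style registry events are constructed for the example; the column names, the `ExfilConfig` record and all function names are this example's own choices, not a sensor format or a Triage API.

```python
"""Added example for the report above (not part of the sandbox output):
turn the extracted AgentTesla SMTP configuration, the sample hashes and
the "Adds Run key to start application" behaviour into checks that run
over constructed log data."""
import hashlib
import re
from dataclasses import dataclass

# SHA-256 values copied from the report (analysis target and "bank transfer.exe").
KNOWN_SHA256 = {
    "0affaf2fb7d456ec4a5b5d71284ca20a79f6441deb4f86dae15649557dd7f62f",
    "a78982f275b83bfca636dca08c404c5952fbf86cba13813fb6d5e2f12ff60986",
}

# The extracted configuration exactly as the report prints it; the stray
# "- " fragments are the page's list separators and the parser tolerates them.
RAW_CONFIG = """Protocol: smtp- Host:
mail.threewaystoharems.com - Port:
587 - Username:
[email protected] - Password:
sales@123456"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")
_ALT = "|".join(KEYS)
# key, lazy value, optional " - " separator, up to the next key or end of text
_FIELD = re.compile(r"(%s):\s*(.*?)\s*(?:-\s*)?(?=(?:%s):|\Z)" % (_ALT, _ALT), re.S)

@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str

def parse_agenttesla_config(raw: str) -> ExfilConfig:
    """Parse a Protocol/Host/Port/Username/Password block into a record."""
    fields = dict(_FIELD.findall(raw))
    missing = [k for k in KEYS if k not in fields]
    if missing:
        raise ValueError("config block is missing: " + ", ".join(missing))
    port = int(fields["Port"])
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    return ExfilConfig(fields["Protocol"].lower(), fields["Host"].lower(), port,
                       fields["Username"], fields["Password"])

def is_known_sample(data: bytes) -> bool:
    """True when the bytes hash to one of the report's SHA-256 values."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256

# Constructed tab-separated connection log (columns invented for this example,
# not a real sensor format); only one row reaches the configured exfil server.
SAMPLE_CONN_LOG = """\
ts\tsrc\tdst\tdport\tdst_name
1653004801.1\t10.0.0.5\t93.184.216.34\t443\twww.example.com
1653004802.7\t10.0.0.7\t203.0.113.10\t587\tmail.threewaystoharems.com
1653004803.2\t10.0.0.7\t198.51.100.9\t587\tsmtp.office365.com
"""

def find_exfil_connections(conn_log: str, cfg: ExfilConfig) -> list:
    """Return (src, dst) pairs that connected to the configured host and port.
    Port 587 alone is ordinary mail submission, so the host name is required."""
    lines = conn_log.splitlines()
    header = lines[0].split("\t")
    hits = []
    for line in lines[1:]:
        rec = dict(zip(header, line.split("\t")))
        if rec["dst_name"].lower() == cfg.host and int(rec["dport"]) == cfg.port:
            hits.append((rec["src"], rec["dst"]))
    return hits

# Constructed Sysmon-style registry events (EventID 13 = registry value set);
# the second one mirrors the report's "Adds Run key to start application".
SAMPLE_REGISTRY_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\bank transfer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\bank transfer",
     "Details": r"C:\Users\user\Desktop\bank transfer.exe"},
]
_RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

def find_self_persisting_run_keys(events) -> list:
    """Flag Run/RunOnce values whose data points back at the process that
    wrote them, which is how a dropped executable registers itself to start."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13 or not _RUN_KEY.search(ev.get("TargetObject", "")):
            continue
        image = ev.get("Image", "").lower()
        if image and image in ev.get("Details", "").lower():
            hits.append(ev["TargetObject"])
    return hits
```

The SMTP credentials in the configuration are the attacker's collection mailbox: the useful action is to block or alert on connections to the host and to hunt for the Run-key value, not to log into the account.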