General
Target: c04dc5dd7911fd254fc4fd57f9a85e1b56581e0274f331638145d9d72d2dc146
Size: 461KB
Sample: 220520-3wbz8ahfb4
MD5: 6bc13b5485bec7a02d643d9b79b606eb
SHA1: 12c5acaf265af29b3114ddf595c4b4e3cf935b89
SHA256: c04dc5dd7911fd254fc4fd57f9a85e1b56581e0274f331638145d9d72d2dc146
SHA512: 5ec518bea41f3de755a0b3f807fb8a556c92694c16aac234ea82c83b5e0da26e723e713285346ef4df95fde06819dcf16c44fa068d5462a9150c0870073ef607
Static task: static1
Behavioral task: behavioral1
Sample: BANK COPY.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: BANK COPY.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp - Host: mail.pushpageseo.com - Port: 587 - Username: [email protected] - Password: test
Targets
Target: BANK COPY.exe
Size: 563KB
MD5: 937717f0eb3d33bab9f444e54e6040b9
SHA1: d83195f4d3f42e84243bbbdc32e94c23982a2917
SHA256: 3dd701e877f0f802984c90bcfdcde54c35780c9afb459b2d395e6d38b2d4a503
SHA512: 6fd6809ad139aea7b94237b3530f02f8d3f98c227927be7a571c2058fc809c77769d206b633b3ec396b7238c43e884a06392f2a35ebe69bb6e04c87de494166b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext