General
Target: 6c413e49fed9fcdea95ca989436a01df16d69051c2dfccc838f941074902d911
Size: 1.2MB
Sample: 220521-antabaaed9
MD5: 1a65e789518974db7060412cf54a0a59
SHA1: a9f52ba569cc556bf24d742597ec042d9697e3ed
SHA256: 6c413e49fed9fcdea95ca989436a01df16d69051c2dfccc838f941074902d911
SHA512: 854cb03010adec0c43bd4cdc11aee8b5a68284c6e535d783c54cef2c214d22b80fab2640117e47babdc49528d272c08a2f602e6de27c4eb8632b5826da50c0e8
Static task: static1
Behavioral task: behavioral1
  Sample: BANK_PAY.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: BANK_PAY.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail-out.cytanet.com.cy
  Port: 587
  Username: [email protected]
  Password: signs606
Targets
Target: BANK_PAY.EXE
Size: 467KB
MD5: 20758038b5d11ae2ecaafdb53924ad88
SHA1: 4de4617c58f33df35899bd1ac6a2fffe377dee46
SHA256: bc07064a72812e0bef060dee9886ba7d06969c22a6ab8459f2682441142e8dc9
SHA512: e048585b935312f3b358517b925877635c7e1bd5d51dd47f63fec29b88e7145df59e94fc03ddb0c4b8670f71807e00f5505835d9962f2d29fbdbc339087541fa
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext