General
Target: 65e9bc1d22e37a239e3981df522d7fdc875bfa28522bbee6b3c858b45a110cf2
Size: 346KB
Sample: 220521-apt81aafa3
MD5: 0e1c7623bf2db6f2978cbcdf1ce9f1d2
SHA1: 54244bc725ddad63cc2e2aaa819645cfb7b78516
SHA256: 65e9bc1d22e37a239e3981df522d7fdc875bfa28522bbee6b3c858b45a110cf2
SHA512: cc55eca39fccaeb8d0c8fd20a1dc23a703d906f3aacee67d4bc0775f0af867061910ca96e4394d8c9527a29edff82fcf1c4d00a9038e2c24ffa389298d90d02c
Static task: static1
Behavioral task: behavioral1
  Sample: Bank Document_pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Bank Document_pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp - Host: bh-58.webhostbox.net - Port: 587 - Username: [email protected] - Password: 7213575aceACE@#$
Targets
Target: Bank Document_pdf.exe
Size: 513KB
MD5: 186a0313d134f01988ea623a10298146
SHA1: efbdcfc82e3f54b542e9b837d9f2a107bf585965
SHA256: 9d604c08ee1d3c2f747a0813ba0b38fb34477eca74a73176939f5a37a1ba5bc5
SHA512: b49f90b0e5012da795834b23936693841c4418d842b0287bade25ef5a643dafc9796e548bd89660584c55d6265b2fe47f704e80d7f8f1eb073ef2fb045a484f0
Signatures:
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext