General
Target: 842f3134c83fcbdf97601cd1222e76eba74c45216a3b29d734efdb6a000e6068
Size: 385KB
Sample: 220521-b1tmaafhcp
MD5: cf79d96e7445e033df9bb6d4b7d993d6
SHA1: 26b33572ef200925f0f5b56ce21c16c2ddf355f8
SHA256: 842f3134c83fcbdf97601cd1222e76eba74c45216a3b29d734efdb6a000e6068
SHA512: 09818f6e14d3fcb9ca6d9780f2096c88e4ffae6ca9e6b943e3d5a40b5ad24108cacb904f156d07c252f738778d7e2d513cce361e93ea0b70bc096a752fc2ee8c
Static task: static1
Behavioral task: behavioral1
  Sample: Halkbank_Ekstre_20200213_154827_701859.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Halkbank_Ekstre_20200213_154827_701859.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: %smtp%
  Port: 587
Extracted:
  Protocol: ftp
  Host: premium38.timeweb.ru
  Port: 21
  Username: cf95552
  Password: ce40zgS4xi6r
Targets
Target: Halkbank_Ekstre_20200213_154827_701859.exe
Size: 468KB
MD5: d96dd42bfca040bf5d1b39bdf86621c7
SHA1: 6190b602dd823c485cbdd036d355b13c6e9995a5
SHA256: 69e836f80b35f0405195f3eab755c9c0c4be8e1331693228675348b7a2660f79
SHA512: f8e1de487f62c094ecbb75c183a8d6c178e4633d38fdbb205dd9c23e1e285e6093009f847f8d06d299839a89e49bb96e221162a2c74d7523c3ac6c54fab9c877
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
  CoreEntity is a .NET packer that embeds its payload as a Bitmap object, which is later decrypted.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles