General
- Target: 99f5fc482f7032ca22c6d3dbfeb0d473de11c448f468d4cdcd2d047fc3138163
- Size: 381KB
- Sample: 220521-cx7keaefe9
- MD5: 2cf1e273d3b8f2e6bd2bbb46aa3a9601
- SHA1: 3dff4a1be85788b82297d9a0007fa21203fab27e
- SHA256: 99f5fc482f7032ca22c6d3dbfeb0d473de11c448f468d4cdcd2d047fc3138163
- SHA512: 02cf6bab8a96977ca4b370f4b6dc728431821bd4b1fdef76919834310924413603d1b3bb3ec18586f5ba5efc8ac3fb9470aadc2b1dd400725d19a133ccb9ad44
Static task
- static1
Behavioral task
- behavioral1
  - Sample: bank payment advice.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: bank payment advice.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: mail.mytecheng.com
- Port: 587
- Username: [email protected]
- Password: Pakistan@321
Extracted
- Protocol: smtp
- Host: mail.mytecheng.com
- Port: 587
- Username: [email protected]
- Password: Pakistan@321
Targets
- Target: bank payment advice.exe
- Size: 464KB
- MD5: c9117bac79ce3500c79f9f579c72245a
- SHA1: ea23a2da5f5dd0fd72e9243e9765f02a7f237824
- SHA256: 73b78f2caff5099ed61689ba82eaa2d6dc19bb1fa2d619b9429d5f876a0ecd68
- SHA512: eeccb8a5ef8379a26892ead6a746da2855bc443eb28725a857f4c85837f630eb8d014516d0bdf6cce9a348634ffb86da69e204ae0ab55c6680a12bec2e6f4878
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext