General
- Target: 1adc18ee6c7de3c847656ecaac4023ed89e5c989e80460daad5f19a9a7df31e8
- Size: 1.2MB
- Sample: 220521-dx7qvaged2
- MD5: b882c89c11f35cdf4fda99d2b10803ca
- SHA1: 8ccf246457db34255ed33e327aa6244df4a9fbcf
- SHA256: 1adc18ee6c7de3c847656ecaac4023ed89e5c989e80460daad5f19a9a7df31e8
- SHA512: 0bcb4557bb7082a2b3fbb0a3b774a2185a4f69e85dc53848bc4872cab447b7bded19d38302e8ce5538bd5dfd3b97b7ae26002b26d8f9ff04c627881b3b54f83b
Static task
- static1
Behavioral task
- behavioral1
  - Sample: BANK_DET.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: BANK_DET.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.logserver.ga
- Port: 587
- Username: [email protected]
- Password: work2020
Targets
- Target: BANK_DET.EXE
- Size: 521KB
- MD5: 32b0333324cb7e09a5310ca329882779
- SHA1: 3793cb0bcad49f89cb00a272f47bea318a137e8e
- SHA256: 4fba937f1e8ae7eab73de2233f36e813fc2e4e889cbf5103f72ed642ba2e76c3
- SHA512: 0202c00174eeb46d214362bd8eff7a4c7ed04b8d56d4f1bd6e2a6be48889aa00a0f37a78caa6ea7a6fbdaad1a016757ab459f88ab892dfafe936fe306cdf1675
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext