General
-
Target
6ea6477df4f68912348e3f62b2b10e1f7e4375b31e309dc65953d7ba97aa2b93
-
Size
1016KB
-
Sample
220521-m8fk6sgdan
-
MD5
0b221c844681aaa126d371cec2a417a1
-
SHA1
1ffbf53315d8d3b037469f79bedbb17dac213b43
-
SHA256
6ea6477df4f68912348e3f62b2b10e1f7e4375b31e309dc65953d7ba97aa2b93
-
SHA512
56533619a63a59ff97286a591c31167e56ca11000dff60bdf1d5115e0e2cc9cf8451011a9ccf9fa0bb0c47502666f506980344cb61283a94cd8ec18600886288
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank_Ekstre_20191415_081738_949589.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Halkbank_Ekstre_20191415_081738_949589.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.coastalinternational.in
Port: 587
Username: psvr@coastalinternational.in
Password: r7i7t7h7u
Targets
-
Target
Halkbank_Ekstre_20191415_081738_949589.pdf.exe
-
Size
1.4MB
-
MD5
a398ef5ea99ae41cd4fa4532afb9cf44
-
SHA1
062aa42cc391ce1874e7975d928c97ac3364648b
-
SHA256
3ea259504667c2d255d44b50a4fe2d7906b819ee0d4ddf77b954ffbb57ec4277
-
SHA512
42b33d2dd93a427fd17517035dc68147ddafa0945a9ff1219a9086810dcc53f59d8cc2d7c4b07fb1f9c937f61520a837993e5b9f1f9a2ff3c78de67f70a90ab5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-