General

Target: 2477df2f4c434194c6fa5c9c7c0369ac4b7ba875ca902e22e813effb53820f98
Size: 577KB
Sample: 220521-mxhamafgcq
MD5: 77b22baf51df4cae4bd09f2e9a3f91d1
SHA1: 6682c1156710985f7b10b1d87db2c6986172aeff
SHA256: 2477df2f4c434194c6fa5c9c7c0369ac4b7ba875ca902e22e813effb53820f98
SHA512: 9c6df830e1269820b0661e4d5eec76893d1c3174a16e744592b63b52dfd602c0c18bc3916eace140c5bf2c5a751a26544bd96f778095b1daa42e38aeca7c845b
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: BANK COPY.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: BANK COPY.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted (agenttesla)
Protocol: smtp
Host: mail.albaniandailynews.com
Port: 587
Username: marianakllici@albaniandailynews.com
Password: 125875.jUkT
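As an added example (not part of the sandbox report and not Agent Tesla code): the extracted SMTP block above, taken exactly as the report prints it, is parsed into a structured exfiltration config and then run over a few connection-log lines to find hosts that reached the drop mailbox server. The log format (timestamp, source, destination, port, protocol, server name) and every IP address in it are constructed for illustration; only the host, port and account come from the report.

```python
"""Turn the report's extracted Agent Tesla SMTP config into IOCs and
match them against connection-log lines.

Added example for this report, not sandbox or malware code. SAMPLE_LOG
and its field layout are constructed (hypothetical); the config text is
the report's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The extracted config verbatim, including the line breaks and the
# "smtp- Host:" join that page extraction introduced.
EXTRACTED_CONFIG = """Protocol: smtp- Host:
mail.albaniandailynews.com - Port:
587 - Username:
marianakllici@albaniandailynews.com - Password:
125875.jUkT"""


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_extracted_config(text: str) -> ExfilConfig:
    """Parse the flattened 'Key: value - Key: value' run into fields.

    Whitespace is collapsed first because the extraction broke lines
    mid-field; the ' - ' separator is then normalised (the first one was
    printed as 'smtp- Host:' with no space before the dash).
    """
    flat = " ".join(text.split())
    flat = re.sub(r"\s*-\s+(?=[A-Z][a-z]+:)", " - ", flat)
    fields: dict[str, str] = {}
    for part in flat.split(" - "):
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    return ExfilConfig(
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed log lines (hypothetical): ts src dst dport proto server_name.
# The IPs are documentation ranges, not the real resolution of the host.
SAMPLE_LOG = """\
2022-05-21T10:01:02Z 10.0.0.15 192.0.2.10 443 tcp www.example.com
2022-05-21T10:01:40Z 10.0.0.15 203.0.113.7 587 tcp mail.albaniandailynews.com
2022-05-21T10:02:11Z 10.0.0.22 198.51.100.9 587 tcp mail.example.org
2022-05-21T10:03:05Z 10.0.0.15 203.0.113.7 25 tcp mail.albaniandailynews.com
"""


def find_exfil_connections(log: str, cfg: ExfilConfig) -> list[dict]:
    """Return every log line whose server name is the configured host.

    The match is on the host name regardless of port, because the
    config carries no IP and the operator can change the port without
    touching the drop mailbox; port_match records whether the port also
    agreed so a port change is still visible to the analyst.
    """
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, *rest = line.split()
        server_name = rest[0] if rest else ""
        if server_name.lower() == cfg.host.lower():
            hits.append({
                "ts": ts,
                "src": src,
                "dst": dst,
                "dport": int(dport),
                "port_match": int(dport) == cfg.port,
            })
    return hits


if __name__ == "__main__":
    config = parse_extracted_config(EXTRACTED_CONFIG)
    for hit in find_exfil_connections(SAMPLE_LOG, config):
        print(hit)
```

The username and password are the actor's drop-mailbox credentials and belong in the IOC set only (for instance to alert when any internal host authenticates to that server as that account); they should not be used to log in, and the provider is the right party to disable the mailbox.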
Targets

Target: BANK COPY.exe
Size: 985KB
MD5: 7caa639b8b264d21417fad8969dfdc1e
SHA1: 960ede809b7927dd134620eb88744239826bd324
SHA256: 42cca3ae2e4d971b4bd7acc8b205c22ba675aa08b760aac654514c5578d74dc2
SHA512: ba5f61ce73c21fdbc66390b60b2c3f2cdc4a8dfc1ad8b9610c2ecaae3d6cc704fba5a63bd13f52df880b039da5d3bf074f9196c2ab8d9fed8f854bf3a9388d32
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, commonly written in Visual Basic .NET. It harvests stored credentials from browsers and mail clients and sends them out over a configured channel; the SMTP config extracted above is the exfiltration channel for this sample.

- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext