General
-
Target
1db6bb9de6a05bd4f6f7099a2494124e3ba4cd2571ca39d2cb316fa42d6eb98e
-
Size
882KB
-
Sample
220521-nta8kshbgp
-
MD5
90b0d561b8d96daaf0600d043e7b5b60
-
SHA1
f429167b93033b6a30125aaae412c1a9f620bde1
-
SHA256
1db6bb9de6a05bd4f6f7099a2494124e3ba4cd2571ca39d2cb316fa42d6eb98e
-
SHA512
e35d7b3b88bb90a852d3f01305992127ea91637c25f639dc9f906b0e9cec9370fd8316ed90a39255bc3efb597491e8b5f39b2c35795867cc5db184f7e5fe90d1
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bunsadokum.com - Port:
587 - Username:
latifu@bunsadokum.com - Password:
posta38Bunsa
Targets
-
-
Target
HALKBANK.exe
-
Size
2.6MB
-
MD5
0dc79297559b6ff6a2db2870c4de1313
-
SHA1
ed43611311d5a94ce56a5fff8e45a8ac437fbf12
-
SHA256
16fcaf343d6c5ec3c546339a522c47b7e44f0684ff50a7acf49d8439e2956a93
-
SHA512
c3afb996357edb3c6d006476768a3354d629eb29ff345d64098369cad19753a50a7eefe28fc53e8f4841cc7a006b2fa43cb906a65852cab91525c2be1a161a1b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
AgentTesla Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-