Extracted

• • Target

    HALKBANK.exe

  • Size

    2.6MB

  • MD5

    0dc79297559b6ff6a2db2870c4de1313

  • SHA1

    ed43611311d5a94ce56a5fff8e45a8ac437fbf12

  • SHA256

    16fcaf343d6c5ec3c546339a522c47b7e44f0684ff50a7acf49d8439e2956a93

  • SHA512

    c3afb996357edb3c6d006476768a3354d629eb29ff345d64098369cad19753a50a7eefe28fc53e8f4841cc7a006b2fa43cb906a65852cab91525c2be1a161a1b

  Score

  10^/10

  massloggerpersistencespywarestealeragentteslakeyloggertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger

  • MassLogger Main Payload

  • AgentTesla Payload

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2