General
- Target: 63c8496ad2705c60d046b230fae8edab66265d9bfadfe528ba6088d1b7496db6
- Size: 342KB
- Sample: 220521-ntpqzahcaj
- MD5: 8ec28ddce7b10dcaa75022353bc386b7
- SHA1: 51442c72971e333f2ab8603c2ccfd9c9c99c4707
- SHA256: 63c8496ad2705c60d046b230fae8edab66265d9bfadfe528ba6088d1b7496db6
- SHA512: c01b12a3ce1cad6b4d4d7ecf46ea3fe94f465bcb7a10e373954180c32909236790bfa67bb303072f1fc014672f8892cccc5e075987a5dc18c9fb2c2034b7af04
Static task: static1
Behavioral task: behavioral1
- Sample: Halkbank_Ekstre_20200410_080918_330462.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Halkbank_Ekstre_20200410_080918_330462.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.ionos.mx
- Port: 587
- Username: [email protected]
- Password: lp475869
Targets
- Target: Halkbank_Ekstre_20200410_080918_330462.exe
- Size: 408KB
- MD5: bed7136e59439497d3c4749605dfc229
- SHA1: f84747103f79078a750cd13a10fdc7c36d552597
- SHA256: 4b8d62db8bc41db322d93e617367b302796f211080ca07d138699a2923aafb23
- SHA512: 7204401bc07a845fe4ddfda053808d702b11bbd2c54b2cecde32f2d5fbf4c3da196122024825de10768885610d7decc7ba56373a01417b3b940a678347323680
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext