General
Target: a98602ff63a5af3a065ed886af97f3c7ee57d1312731c8e835c6b6d3c1a460f1
Size: 384KB
Sample: 220521-pgzabafce7
MD5: ea92ad08bed6dc61eeb70af6c89f689e
SHA1: d73ad53087a5613373836862a55f42bd985a3679
SHA256: a98602ff63a5af3a065ed886af97f3c7ee57d1312731c8e835c6b6d3c1a460f1
SHA512: 182d6f8e3891a70ebe2a3c60c4595ab88f5d4831c9f66278d3ea964ddf6706eec01892bbdef63f62962a7008c78e2f76ad9771699bc16ccd7adbd0702fa5b441
Static task: static1
Behavioral task: behavioral1
  Sample: Halkbank_Ekstre_20200527_080247_232393.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Halkbank_Ekstre_20200527_080247_232393.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (family: agenttesla). The report lists this configuration twice with identical values; it is shown once here.
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: lazerkesim@nesermetal.com
Password: 335410
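The extracted SMTP settings are the hunting material in this report: exfiltration goes to a mailbox on a legitimate provider, so the destination host by itself is a weak indicator, while the account name and the process that opens the SMTP connection are much stronger. The following added example (not part of the sandbox report and not Agent Tesla code) parses the configuration exactly as it is printed above into structured indicators and runs those two checks over constructed endpoint connection log lines. The log format, host names, process paths and the mail-client allowlist are assumptions made for the example.

```python
"""
Added example (not from the sandbox report or the malware author): turn the
extracted Agent Tesla SMTP exfiltration config into indicators and run two
detections over constructed endpoint network-connection log lines.
"""
import re
from dataclasses import dataclass

# The extracted config, copied verbatim from the report (line breaks included).
RAW_CONFIG_TEXT = """Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
lazerkesim@nesermetal.com - Password:
335410"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_report_config(text: str) -> SmtpExfilConfig:
    """Recover key/value pairs from the report's ' - ' separated, line-wrapped layout."""
    flat = " ".join(text.split())  # undo the line wrapping
    fields = {}
    # Split before each 'Key:' token; the separator between pairs is a dash run.
    for part in re.split(r"\s*-\s*(?=[A-Za-z]+:\s)", flat):
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"], host=fields["host"], port=int(fields["port"]),
        username=fields["username"], password=fields["password"])


# Processes expected to speak SMTP on a workstation (assumed allowlist).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed log lines from a hypothetical EDR sensor that records outbound
# connections and, where it can observe the SMTP session, the AUTH user.
# None of these lines come from the report; only the sample filename does.
SAMPLE_LOG = r"""
ts=2022-05-21T10:00:01Z host=WS01 image=C:\Program Files\Microsoft Office\OUTLOOK.EXE dst=smtp.yandex.com dport=587 smtp_user=-
ts=2022-05-21T10:00:07Z host=WS01 image=C:\Users\user\AppData\Local\Temp\Halkbank_Ekstre_20200527_080247_232393.pdf.exe dst=smtp.yandex.com dport=587 smtp_user=-
ts=2022-05-21T10:00:09Z host=WS01 image=C:\Program Files\Google\Chrome\chrome.exe dst=www.example.com dport=443 smtp_user=-
ts=2022-05-21T10:00:12Z host=WS02 image=C:\Program Files\Microsoft Office\OUTLOOK.EXE dst=smtp.yandex.com dport=587 smtp_user=lazerkesim@nesermetal.com
"""


def parse_log_line(line: str) -> dict:
    """key=value records; values may contain spaces, so match up to the next ' key='."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line))


def detect(config: SmtpExfilConfig, log_text: str) -> list:
    """Return (line_no, reason) for records that match the exfiltration config."""
    hits = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        rec = parse_log_line(line)
        dst_match = (rec.get("dst", "").lower() == config.host
                     and rec.get("dport") == str(config.port))
        proc = rec.get("image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
        if rec.get("smtp_user", "-").lower() == config.username.lower():
            # Strongest signal: the exact exfil account from the config, whatever the process.
            hits.append((n, "SMTP AUTH as extracted exfiltration account"))
        elif dst_match and proc not in MAIL_CLIENTS:
            # Weaker but still actionable: a non-mail-client process talking to the C2 mailbox.
            hits.append((n, f"non-mail-client process {proc} -> {config.host}:{config.port}"))
    return hits


if __name__ == "__main__":
    cfg = parse_report_config(RAW_CONFIG_TEXT)
    for line_no, reason in detect(cfg, SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```

The first (allowlisted Outlook) line is deliberately not flagged by the process rule alone, while the last line is flagged even though the process is Outlook, because the observed AUTH user equals the extracted exfiltration account; the allowlist only suppresses the weak host/port signal, never the credential match.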
Targets
Target: Halkbank_Ekstre_20200527_080247_232393.pdf.exe
Note: the name uses a double extension (.pdf.exe) so that it passes as a PDF bank statement; the analyzed executable is a different object from the submitted file in General (different size and hashes).
Size: 398KB
MD5: 99c93f716eed17f114c02ed2e193faf1
SHA1: f660c44f96be37b147fc9f4dc4eeff48c74b16b1
SHA256: ea7084c6771d3582c0b95ef3cd3ce4e371cfcc7b41f358e8645e4bf4870fa2f2
SHA512: 3f754550095a7da74e4a83fcbfc2e91fa588d1503e1644be809ac6e62a9d120a4679ddbdcdf9bd1ac3a827909cd65abea81f0f1ca69272b5c3a93b208cf0dec3
AgentTesla: Agent Tesla is a remote access tool (RAT) and information stealer written in .NET; the SMTP settings in Malware Config are its exfiltration channel.
CoreEntity .NET Packer: CoreEntity is a .NET packer that stores its payload as a Bitmap object and decrypts it at runtime.
AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext (commonly used for process hollowing and other thread-hijacking injection)
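The CoreEntity signature above describes a bitmap-as-container packer, but the report does not say how the pixel data is laid out or decrypted. The following added example (not CoreEntity's code and not from the report) shows the general analyst technique for that class of packer: parse the BMP headers, recover the pixel bytes with row padding stripped, then apply the decryption. The container layout (24-bit BMP, a 4-byte little-endian length prefix) and the XOR decryption are assumptions standing in for whatever CoreEntity actually does, and the embedded "executable" is a constructed MZ-prefixed blob rather than a real PE.

```python
"""
Added example, not CoreEntity's own code. The report only states that the packer
keeps its payload inside a Bitmap object and decrypts it later; everything below
that goes beyond that sentence is an assumption: a 24-bit BMP container, a 4-byte
little-endian length prefix, and XOR as the stand-in decryption. The embedded
"executable" is a constructed MZ-prefixed blob, not a real PE.
"""
import struct

BPP = 24  # bits per pixel of the assumed container


def _row_stride(width_px: int, bpp: int) -> int:
    """BMP rows are padded to a multiple of 4 bytes; this is the padded row length."""
    return ((width_px * bpp + 31) // 32) * 4


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Assumed decryption; XOR is symmetric, so it doubles as the packer's encryption."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def pack_payload_as_bmp(payload: bytes, key: bytes, width_px: int = 5) -> bytes:
    """Emulate the packer side: write len(payload) + XOR(payload) into pixel rows,
    honouring row padding so a standard BMP reader still accepts the image."""
    body = struct.pack("<I", len(payload)) + xor_bytes(payload, key)
    row_bytes = width_px * BPP // 8
    stride = _row_stride(width_px, BPP)
    height_px = -(-len(body) // row_bytes)  # ceiling division
    rows = []
    for r in range(height_px):
        chunk = body[r * row_bytes:(r + 1) * row_bytes].ljust(row_bytes, b"\0")
        rows.append(chunk + b"\0" * (stride - row_bytes))  # padding bytes
    pixels = b"".join(rows)
    # BITMAPINFOHEADER: size, width, height, planes, bpp, compression, image size,
    # x/y pixels per metre, colours used, important colours.
    dib = struct.pack("<IiiHHIIiiII", 40, width_px, height_px, 1, BPP, 0,
                      len(pixels), 2835, 2835, 0, 0)
    off_bits = 14 + len(dib)
    file_hdr = struct.pack("<2sIHHI", b"BM", off_bits + len(pixels), 0, 0, off_bits)
    return file_hdr + dib + pixels


def extract_pixel_bytes(bmp: bytes) -> bytes:
    """Analyst side: read only the BMP header fields and return the pixel data
    with per-row padding removed."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP")
    off_bits = struct.unpack_from("<I", bmp, 10)[0]
    width_px, height_px = struct.unpack_from("<ii", bmp, 18)
    bpp = struct.unpack_from("<H", bmp, 28)[0]
    rows = abs(height_px)  # a negative height only flips row order; a flat carrier ignores it
    stride = _row_stride(width_px, bpp)
    row_bytes = (width_px * bpp + 7) // 8
    out = bytearray()
    for r in range(rows):
        start = off_bits + r * stride
        out += bmp[start:start + row_bytes]
    return bytes(out)


def unpack_payload(bmp: bytes, key: bytes) -> bytes:
    """Strip the container, read the assumed length prefix, decrypt."""
    raw = extract_pixel_bytes(bmp)
    (length,) = struct.unpack_from("<I", raw, 0)
    if length > len(raw) - 4:
        raise ValueError("length prefix exceeds pixel data")
    return xor_bytes(raw[4:4 + length], key)


def looks_like_pe(data: bytes) -> bool:
    """Cheap sanity check on the recovered bytes: DOS header magic."""
    return data[:2] == b"MZ"


# Constructed stand-in payload (not a real executable) and an assumed key.
FAKE_PE = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n$" + bytes(range(96))
KEY = b"\x5a\xa5\x13"
CONTAINER = pack_payload_as_bmp(FAKE_PE, KEY)

if __name__ == "__main__":
    recovered = unpack_payload(CONTAINER, KEY)
    print(len(CONTAINER), "byte BMP ->", len(recovered), "bytes, PE magic:", looks_like_pe(recovered))
```

The width of 5 pixels is chosen so that each 15-byte row carries one padding byte; an extractor that copies the pixel area as a flat blob instead of walking rows by stride would corrupt every 16th byte, which is the usual mistake when carving payloads out of image carriers. With a real sample the key and layout come from the unpacking routine in the .NET stub, not from guesses like these.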