General
- Target: Bank report.zip
- Size: 520KB
- Sample: 220923-h8dz5adea3
- MD5: 4eda4bc3c7728f94ee818ef63d5483cf
- SHA1: 5df98f52432dd0bb82b16a5430e5986784b897a8
- SHA256: e4ec7bc638a2f16ea086b9108a89c2079a6a47b8360438a3e8ee705a0aac890f
- SHA512: d7342e1ec81d454f8ab4f370ee13144c1bc0c365635b79ce60da84efc2525281dd74aafd8c71f4de5c5d07bd333c784d796e3dcc8e417bb8f0804f52106b4a2e
- SSDEEP: 12288:hV7tgIcwWLZiDHEwkyz1Hz4oKU/riPlZLDcEeRoVFqDpm67y:jJgI5/11TzHTiPlZ3de8QDpm3
Static task
- static1
Behavioral task
- behavioral1
  Sample: Bank report.exe
  Resource: win7-20220812-en
Behavioral task
- behavioral2
  Sample: Bank report.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.gci-india.com
- Port: 587
- Username: enquiry@gci-india.com
- Password: G?UdDC.PX%)C
Targets
- Target: Bank report.exe
- Size: 659KB
- MD5: f6d2d6d8d20e922611fd0b8418f5f900
- SHA1: 6d7bf4333f141522baf1573d42a68be646059436
- SHA256: e74b2fe194c740ba577cd9c89e5a5b83d0b312c3c1ed08754b3c07339d2fd9a0
- SHA512: a9cc4cdb2f8dfe3eaee43a78e769e4cd6e26ea78ee806cd679bb56d5b11ec851c80e3ff5b46fa5d2d5e21cb5501648b1a0175df0b58032145b856da855651d25
- SSDEEP: 12288:Xf2iNGlylSx1Z3Eosyltlze4KU/FiFjPLDU0LnADqjJ5nzvG:P1gbzthbH9iFjP3zTjrzvG
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext