General
Target: Bank TT copy.exe
Size: 606KB
Sample: 221124-trxxfseg65
MD5: 92f4d58c433103764476f6e0ce7cd516
SHA1: 6bb8c94df04c1713f12b4f2ca2d141a013881f8f
SHA256: 056fefb924727f883dacfa1b86cf30fd3f62c5802d4ab3c6a0ae3493e9aaab98
SHA512: c0fd8e3330ce0ea4ad314140d79d0be5a04bd20c866873b30bff6bb59382f57e95c044c9071ce64a296eb391b8a143bf268126685e55b03506ec0d913d77bb81
SSDEEP: 12288:dx3MopUon7IMwM8EzwllEe6cUxSABfUn6n/xKVqa2GI2lBx+vpMbIX+dpvWw3Z7x:s6cUxSuUpqynBx+Sbc+fuUlx
Static task: static1
Behavioral task: behavioral1
  Sample: Bank TT copy.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: Bank TT copy.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dmstech.in
Port: 587
Username: [email protected]
Password: 0]6F9Az.pqfd
Email To: [email protected]
This is the stealer's exfiltration channel: harvested data is sent as mail through the SMTP account above (port 587 is the mail submission port). The host and port are usable network IOCs; the username, password and recipient identify the attacker's drop mailbox and should be treated as attacker-controlled, not as victim data.
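One way to turn the extracted SMTP host into a hunt, as an added example that is not part of the sandbox report: correlate Zeek dns.log resolutions of mail.dmstech.in with conn.log rows from the same client, so that only traffic to the resolved server is flagged rather than every connection on port 587. Only the host and port below come from the report; the log excerpts are constructed for the demo, and 203.0.113.7 / 198.51.100.4 are documentation addresses, not real resolutions of the host.

```python
"""Correlate the Agent Tesla exfiltration host from this report with Zeek logs.

Added example; it is not part of the sandbox report. Only the SMTP host and
port come from the extracted config. The dns.log and conn.log excerpts are
constructed for the demo, and 203.0.113.7 / 198.51.100.4 are documentation
addresses, not real resolutions of any host.
"""
from collections import defaultdict

# Network IOCs from the extracted config (credentials deliberately left out).
EXFIL_HOST = "mail.dmstech.in"
EXFIL_PORT = 587

# Constructed Zeek dns.log excerpt, tab-separated:
# ts  uid  id.orig_h  id.resp_h  query  answers
DNS_LOG = """\
1669284000.1\tCx1\t10.0.0.5\t10.0.0.2\tmail.dmstech.in\t203.0.113.7
1669284001.2\tCx2\t10.0.0.5\t10.0.0.2\twww.example.org\t93.184.216.34
1669284300.5\tCx3\t10.0.0.9\t10.0.0.2\tMAIL.dmstech.in\t203.0.113.7
"""

# Constructed Zeek conn.log excerpt, tab-separated:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto  service
CONN_LOG = """\
1669284000.9\tCa1\t10.0.0.5\t49812\t203.0.113.7\t587\ttcp\tsmtp
1669284002.0\tCa2\t10.0.0.5\t49813\t93.184.216.34\t443\ttcp\tssl
1669284301.0\tCa3\t10.0.0.9\t49900\t203.0.113.7\t25\ttcp\tsmtp
1669284400.0\tCa4\t10.0.0.7\t49901\t198.51.100.4\t587\ttcp\tsmtp
"""


def resolutions_for(dns_log, hostname):
    """Return {client_ip: {resolved_ip, ...}} for every lookup of hostname.

    Matching is case-insensitive and ignores a trailing dot, because DNS
    names are case-insensitive and Zeek logs the query as the client sent it.
    """
    wanted = hostname.rstrip(".").lower()
    seen = defaultdict(set)
    for line in dns_log.splitlines():
        if not line or line.startswith("#"):
            continue
        _ts, _uid, orig_h, _resp_h, query, answers = line.split("\t")
        if query.rstrip(".").lower() != wanted:
            continue
        for ip in answers.split(","):
            if ip and ip != "-":
                seen[orig_h].add(ip)
    return seen


def find_exfil_connections(dns_log, conn_log, hostname, port):
    """Flag conn.log rows going to an IP the same client resolved hostname to.

    'host_and_port' rows also hit the configured port (high confidence: this
    is the exfil channel from the report). 'host_only' rows reach the same
    server on another port (worth a look, e.g. a fallback to plain SMTP/25).
    Keying on the resolved IP rather than on port 587 alone keeps ordinary
    mail submission to other servers (Ca4 below) out of the hit list.
    """
    resolved = resolutions_for(dns_log, hostname)
    hits = {"host_and_port": [], "host_only": []}
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto, _svc = line.split("\t")
        if resp_h not in resolved.get(orig_h, ()):
            continue
        bucket = "host_and_port" if int(resp_p) == port else "host_only"
        hits[bucket].append(uid)
    return hits


if __name__ == "__main__":
    result = find_exfil_connections(DNS_LOG, CONN_LOG, EXFIL_HOST, EXFIL_PORT)
    for bucket, uids in result.items():
        print(f"{bucket}: {uids}")
```

On real Zeek output the field order comes from the `#fields` header rather than the fixed positions assumed here, so read that header first; the correlation logic itself stays the same.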
Targets
Target: Bank TT copy.exe
AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) information stealer and remote access tool (RAT). It harvests saved credentials from browsers, mail and FTP clients and sends them to the operator; in this sample the extracted config shows the SMTP variant of that exfiltration.
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence so the stealer can avoid running in regions the operator excludes.
Accesses Microsoft Outlook profiles
Reads Outlook profile data stored in the registry, where mail account settings and saved credentials can be harvested. This is the credential theft behaviour that feeds the SMTP exfiltration above.
Adds Run key to start application
Persistence: a value under a Run registry key makes the payload launch again at user logon.
Suspicious use of SetThreadContext
A typical process hollowing / RunPE indicator: the payload is written into a suspended process and SetThreadContext redirects the main thread to the injected code. The report does not state which process was targeted, so treat this as an injection signal rather than a confirmed technique.
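The Run-key behaviour above is the easiest of these signatures to detect from endpoint telemetry. Below is an added example, not part of the sandbox report, that classifies Sysmon Event ID 13 (RegistryEvent, value set) records for writes under Run/RunOnce keys, rating a value that points into a user-writable directory or that registers the writing binary itself as high severity. The events, paths, SIDs and record IDs are constructed for the demo; the report does not say which value name or path this sample used. Registry reads (the Outlook profile access and the geofence lookup) and SetThreadContext are not visible in Event ID 13 and need other sources.

```python
"""Spot Run-key persistence like the 'Adds Run key' behaviour in this report.

Added example; not part of the sandbox report. It runs over constructed
Sysmon Event ID 13 (RegistryEvent, value set) records written as JSON lines.
The paths, SIDs and record IDs are made up for the demo.
"""
import json
import re

# Autostart locations under HKCU/HKU and HKLM that a Run-key signature covers.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\",
    re.IGNORECASE,
)
# Directories a standard user can write to; a Run value pointing here is
# far more suspicious than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\|Temp\\|Users\\[^\\]+\\(?:Downloads|Desktop|Documents)\\|ProgramData\\)",
    re.IGNORECASE,
)
# Pull the executable path out of a value like "C:\x\y.exe" --arg
EXE_RE = re.compile(r'^"?([A-Za-z]:\\[^"]+?\.exe)"?', re.IGNORECASE)

# Constructed Sysmon events as JSON lines (backslashes doubled as JSON requires).
SYSMON_EVENTS = r"""
{"RecordID": 101, "EventID": 13, "Image": "C:\\Users\\bob\\AppData\\Roaming\\svchost32.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32", "Details": "\"C:\\Users\\bob\\AppData\\Roaming\\svchost32.exe\""}
{"RecordID": 102, "EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray", "Details": "C:\\Program Files\\Vendor\\tray.exe --minimized"}
{"RecordID": 103, "EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
{"RecordID": 104, "EventID": 1, "Image": "C:\\Users\\bob\\AppData\\Roaming\\svchost32.exe", "CommandLine": "svchost32.exe"}
""".strip()


def _exe_path(details):
    """Return the executable path from a Run value, or None if there is none."""
    m = EXE_RE.match(details.strip())
    return m.group(1) if m else None


def classify_run_key_event(event):
    """Return 'high', 'medium' or None for one Sysmon event dict.

    Only Event ID 13 writes under a Run/RunOnce key are considered. 'high'
    means the registered binary sits in a user-writable directory or is the
    very process doing the write (self-persistence, the pattern a dropped
    stealer shows); every other Run-key write is 'medium' for review.
    """
    if event.get("EventID") != 13:
        return None
    if not RUN_KEY_RE.search(event.get("TargetObject", "")):
        return None
    target = _exe_path(event.get("Details", ""))
    image = event.get("Image", "")
    if target and USER_WRITABLE_RE.search(target):
        return "high"
    if target and target.lower() == image.lower():
        return "high"
    return "medium"


def scan(jsonl):
    """Return [(RecordID, severity, TargetObject), ...] for every Run-key write."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        sev = classify_run_key_event(ev)
        if sev:
            hits.append((ev["RecordID"], sev, ev["TargetObject"]))
    return hits


if __name__ == "__main__":
    for record_id, sev, key in scan(SYSMON_EVENTS):
        print(f"{record_id} {sev:6} {key}")
```

Sysmon only records Run-key writes if the configuration includes those keys in its RegistryEvent rules, so confirm the telemetry exists before relying on this check.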