Overview

overview

10

Static

static

WRONG BANK...LS.exe

windows7-x64

10

WRONG BANK...LS.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    81s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    04-12-2022 08:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WRONG BANK DETAILS.exe

  • Size

    472KB

  • MD5

    8a286da3928ccde0c1f4d20a88f41b73

  • SHA1

    153935397d81e3f398441ad7382284d2a15ed2e6

  • SHA256

    2c93eddde0467abea46797a3f1df694c1f3f2b9ddd16cd60467fc00f08ad7ec7

  • SHA512

    803589f0a0cc3c392c96fe5927eec2e7199adcc848f1f0b4dadd112cf2f567c49b035a4c71d31397b87e27b16850861fc587bcea57a6e69cdffbfec9a9f37fe9

  • SSDEEP

    6144:QaOHuW0GgcRdBHMlU8LFhI8ZojU9Lu3fwpvj1iu2gAYwWhF6TEjvumnJw6lODNRF:QFufct8LFhbqq2Ogu2gAYh+gnJw6gr

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    webmail.blc.com.np
  • Port:
    587
  • Username:
    norvicfertility.clinic@blc.com.np
  • Password:
    Bhuramal123

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • AgentTesla payload 6 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WRONG BANK DETAILS.exe
    "C:\Users\Admin\AppData\Local\Temp\WRONG BANK DETAILS.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
      "{path}"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1984
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
        dw20.exe -x -s 388
        3⤵
          PID:1948

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1756-54-0x0000000075511000-0x0000000075513000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1756-55-0x00000000748D0000-0x0000000074E7B000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/1756-56-0x00000000748D0000-0x0000000074E7B000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/1756-69-0x00000000748D0000-0x0000000074E7B000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/1948-70-0x0000000000000000-mapping.dmp
      Download
    • memory/1984-60-0x0000000000400000-0x000000000043C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/1984-61-0x0000000000400000-0x000000000043C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/1984-62-0x0000000000400000-0x000000000043C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/1984-63-0x0000000000436D3E-mapping.dmp
      Download
    • memory/1984-65-0x0000000000400000-0x000000000043C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/1984-67-0x0000000000400000-0x000000000043C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/1984-58-0x0000000000400000-0x000000000043C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/1984-57-0x0000000000400000-0x000000000043C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/1984-72-0x00000000748D0000-0x0000000074E7B000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/1984-73-0x00000000748D0000-0x0000000074E7B000-memory.dmp
      Filesize

      5.7MB

      Download