General
-
Target
Bank_Confirmation.exe
-
Size
882KB
-
Sample
231212-rjnygafhh2
-
MD5
f82b121e447bb312a0c383d78a90490f
-
SHA1
a2570c68231136bb0d7b260f906d1e5a78c25f48
-
SHA256
d61fdb59b0176c8e329052c1b577dd366f17f206b79769bf3ae56ed6d52575de
-
SHA512
cfcf833f59f3f47aea75ea62b79d5ca57fcad8e56943bb60cd4af0212baf3c6720d9f991a3dd8964a9e272b2b82f0416fa5d06988e90dc9fda2a0e56d649dc31
-
SSDEEP
12288:r6zcyAwHWZJOLMZ7vgg24T4xT0Wm6y7+uSm0POeB83mAQuaPc19LW1lVmt1XS/2E:r6TH2gK0xxm64+ut1F2fuaG35Cy
Static task
static1
Behavioral task
behavioral1
Sample
Bank_Confirmation.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Bank_Confirmation.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bezzleauto.com - Port:
587 - Username:
[email protected] - Password:
kex#-rHjHM4qKk52 - Email To:
[email protected]
Targets
-
-
Target
Bank_Confirmation.exe
-
Size
882KB
-
MD5
f82b121e447bb312a0c383d78a90490f
-
SHA1
a2570c68231136bb0d7b260f906d1e5a78c25f48
-
SHA256
d61fdb59b0176c8e329052c1b577dd366f17f206b79769bf3ae56ed6d52575de
-
SHA512
cfcf833f59f3f47aea75ea62b79d5ca57fcad8e56943bb60cd4af0212baf3c6720d9f991a3dd8964a9e272b2b82f0416fa5d06988e90dc9fda2a0e56d649dc31
-
SSDEEP
12288:r6zcyAwHWZJOLMZ7vgg24T4xT0Wm6y7+uSm0POeB83mAQuaPc19LW1lVmt1XS/2E:r6TH2gK0xxm64+ut1F2fuaG35Cy
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-