General
- Target: Bank_Confirmation.7z
- Size: 590KB
- Sample: 231212-s1bvxahbb6
- MD5: 67ee3d27fb158fdc38cbb6807379f10d
- SHA1: 91e5e5754d8652f8b8e7ab6f7a146d9eb07a667e
- SHA256: c3c64f2edc0e3e59c0e1526910c08623981c8c8446f49c0887199f35c4a8f57b
- SHA512: 6a3ecb25da2380a010a89d597c495c3570ab88ec3cb959fc3fb32cbac8a3e935ff435537b1f17205435091ccce39f7730ded30f24a64617fda9951121841bbad
- SSDEEP: 12288:rABlTLgT4bT0W8ry7suSmvPokVrqBs2mAYuaNc1MhAEy7wydNdQZf:SHg0bx8r4sutvPoE5NbuaNhgsf
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Bank_Confirmation.exe
  - Resource: win7-20231025-en
Behavioral task
- behavioral2
  - Sample: Bank_Confirmation.exe
  - Resource: win10v2004-20231127-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.bezzleauto.com
- Port: 587
- Username: [email protected]
- Password: kex#-rHjHM4qKk52
- Email To: [email protected]
Targets
- Target: Bank_Confirmation.exe
  - Size: 882KB
  - MD5: f82b121e447bb312a0c383d78a90490f
  - SHA1: a2570c68231136bb0d7b260f906d1e5a78c25f48
  - SHA256: d61fdb59b0176c8e329052c1b577dd366f17f206b79769bf3ae56ed6d52575de
  - SHA512: cfcf833f59f3f47aea75ea62b79d5ca57fcad8e56943bb60cd4af0212baf3c6720d9f991a3dd8964a9e272b2b82f0416fa5d06988e90dc9fda2a0e56d649dc31
  - SSDEEP: 12288:r6zcyAwHWZJOLMZ7vgg24T4xT0Wm6y7+uSm0POeB83mAQuaPc19LW1lVmt1XS/2E:r6TH2gK0xxm64+ut1F2fuaG35Cy
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext