General
Target: 981d7469522abdb18781bf122107b78dc69002dccb191b504f16c8ac39db961d
Size: 672KB
Sample: 240329-cb9smsfa75
MD5: a93503ae491dc5af1456a11ac4535447
SHA1: 453769059524da2b146adbbdc208c1c04efdcace
SHA256: 981d7469522abdb18781bf122107b78dc69002dccb191b504f16c8ac39db961d
SHA512: fb063dc9e7cfa5fbc0d6e2f1f7c71db91bf4443d4fbb62ea85fc0b48b137bf32fb878c7b1bf0fceeb523ae4610229acd01997472e574e483d8538c9caad45fcf
SSDEEP: 12288:UnhXSeubNVT0iWI4hF1RSalBqflxzDt2zkQKinKGSCBqFB986ppcm:I0bNVT0iI4oWlVwmVGhBq9lcm
Static task: static1
Behavioral task: behavioral1
  Sample: Bank slip.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Bank slip.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.kabeercommodities.com
  Port: 587
  Username: [email protected]
  Password: w{A6H.o&sz%g
  Email To: [email protected]
Extracted:
  Protocol: smtp
  Host: mail.kabeercommodities.com
  Port: 587
  Username: [email protected]
  Password: w{A6H.o&sz%g
Targets
Target: Bank slip.exe
Size: 810KB
MD5: dfa4d69d102efe18603b643e03cd916f
SHA1: 104857721a2a10211bf4638fc1aac4f01026839d
SHA256: ae7f2736fd9aa11676e139b0d89f702cd2fab6660b9b589c1feddc4898520c41
SHA512: 0e248fc8bbc5db13db05c266b46a0bbd4900de17c5208c881fc66ff0732cd67af50000936da1a1b198fefa9e9407388fdf9ff78116b5b2abdaa02817a67f46fe
SSDEEP: 12288:GfpsApRsBWD84RF1RSaXXqftMwjfBCQr60ijTLGSCB8rBCg09poeV:GtpRse40MvCVTGhBoCX9
Score: 10/10
Signatures:
AgentTesla
  Agent Tesla is an information stealer and remote access tool (RAT) written for the .NET Framework (Visual Basic .NET). This sample is configured to exfiltrate over SMTP using the mail server and credentials in the extracted config above.
Checks computer location settings
  Looks up the country code configured in the registry, most likely as a geofence so the payload can refuse to run in selected countries.
Looks up external IP address via web service
  Queries a legitimate public IP lookup service to learn the infected system's external IP address; Agent Tesla reports this value alongside the stolen data.
Suspicious use of SetThreadContext
  Setting another thread's context is the hallmark of process hollowing (RunPE): a legitimate process is started suspended, its image is replaced with the payload, the main thread's context is pointed at the new entry point, and the thread is resumed so the stealer runs under a benign process name.
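The extracted config and the signatures above together describe a network footprint worth hunting for: a DNS resolution and an outbound connection to the configured SMTP server on port 587, preceded by a request to a public IP lookup service. The script below is an added example (not code from the report or from the Triage sandbox) that runs those checks over Zeek-style JSON logs. The C2 host and port are the values from the extracted config; because the username and recipient are redacted in this copy, matching is done on host and port only. The log lines are constructed, and the set of IP lookup services is an illustrative assumption rather than something the report states about this sample.

```python
"""Hunt Zeek-style JSON logs for the AgentTesla SMTP exfiltration channel and
the external-IP lookup listed in the sandbox report.

Added example, not code from the report or from the Triage sandbox. The C2
host and port are the values in the extracted config; the log lines below are
constructed, and the set of IP-lookup services is an illustrative assumption.
"""
import json
from collections import defaultdict

# From the report's extracted config. Username and recipient are redacted in
# the report, so matching is done on host and port only.
C2_HOST = "mail.kabeercommodities.com"
C2_PORT = 587

# Assumption: public IP lookup services commonly abused by stealers.
# The report does not say which service this sample queried.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ipinfo.io", "checkip.amazonaws.com", "ifconfig.me",
}

# Constructed Zeek JSON records (dns/http/conn/smtp logs merged via _path).
# 10.0.0.5 is the infected host; 203.0.113.25 and 198.51.100.x are RFC 5737
# documentation addresses standing in for the real resolutions.
SAMPLE_LOGS = [
    '{"_path":"dns","ts":1711680001.1,"id.orig_h":"10.0.0.5","query":"checkip.dyndns.org","answers":["198.51.100.9"]}',
    '{"_path":"http","ts":1711680001.4,"id.orig_h":"10.0.0.5","id.resp_h":"198.51.100.9","host":"checkip.dyndns.org","uri":"/","method":"GET"}',
    '{"_path":"dns","ts":1711680002.0,"id.orig_h":"10.0.0.5","query":"mail.kabeercommodities.com","answers":["203.0.113.25"]}',
    '{"_path":"conn","ts":1711680002.3,"id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.25","id.resp_p":587,"proto":"tcp","service":"smtp"}',
    '{"_path":"smtp","ts":1711680002.5,"id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.25","id.resp_p":587,"helo":"DESKTOP-1234","tls":true}',
    '{"_path":"conn","ts":1711680010.0,"id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.25","id.resp_p":443,"proto":"tcp","service":"ssl"}',
    '{"_path":"http","ts":1711680011.0,"id.orig_h":"10.0.0.5","id.resp_h":"198.51.100.77","host":"www.example.com","uri":"/","method":"GET"}',
    'not json at all',
]


def parse_zeek_json(lines):
    """Yield one dict per parseable Zeek JSON line; skip blanks and junk."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def hunt(lines):
    """Return a list of alert dicts for the records in `lines`.

    DNS answers for the C2 host are remembered per source host so that a later
    conn/smtp record to one of those IPs on the configured port is flagged
    even when the session upgrades to STARTTLS before MAIL FROM/RCPT TO.
    """
    alerts = []
    resolved_c2 = defaultdict(set)  # id.orig_h -> {IPs the C2 host resolved to}
    records = sorted(parse_zeek_json(lines), key=lambda r: r.get("ts", 0.0))
    for rec in records:
        path, src, ts = rec.get("_path"), rec.get("id.orig_h"), rec.get("ts")

        def add(rule, detail):
            alerts.append({"ts": ts, "src": src, "rule": rule, "detail": detail})

        if path == "dns":
            query = rec.get("query", "").lower().rstrip(".")
            if query == C2_HOST:
                resolved_c2[src].update(rec.get("answers", []))
                add("agenttesla_smtp_c2_dns", query)
            elif query in IP_LOOKUP_HOSTS:
                add("external_ip_lookup_dns", query)
        elif path == "http":
            host = rec.get("host", "").lower()
            if host in IP_LOOKUP_HOSTS:
                add("external_ip_lookup_http", host + rec.get("uri", ""))
        elif path in ("conn", "smtp"):
            dst, dport = rec.get("id.resp_h"), rec.get("id.resp_p")
            if dport == C2_PORT and dst in resolved_c2.get(src, ()):
                add(f"agenttesla_smtp_c2_{path}", f"{dst}:{dport}")
    return alerts


def rules_fired(lines):
    """Distinct rule names hit by hunt(), in first-seen order."""
    seen = []
    for a in hunt(lines):
        if a["rule"] not in seen:
            seen.append(a["rule"])
    return seen


if __name__ == "__main__":
    for a in hunt(SAMPLE_LOGS):
        print(json.dumps(a))
```

The connection rules deliberately fire only after the source has resolved the configured hostname, so a bare connection to the same address on 587 from a host with no matching DNS record is not flagged; that keeps the logic tied to the hostname in the config rather than to an IP that may be shared or rotated. If your telemetry has no DNS visibility, replace the `resolved_c2` correlation with a static IP watchlist. The 443 connection to the same address is intentionally ignored because the config names port 587 only.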