General
- Target: 1bb517a6957bc26290355bc932cf65de0c8e6c5360b55a53495d82dae2742ff4
- Size: 1.2MB
- Sample: 240330-b2gzwafa34
- MD5: b2f4dbdb00845d0140f634bca6f20ea3
- SHA1: bbde4b0b3a4aaf523c60e2d9658306315d752396
- SHA256: 1bb517a6957bc26290355bc932cf65de0c8e6c5360b55a53495d82dae2742ff4
- SHA512: 2a5dcadbdcd27f9e1c1c73860a944f5456e5ba361f195536daf7c256846a83cebe66155c2344287fadc563efe759102480e371df099394ba6557bb95baa41c45
- SSDEEP: 6144:6Xj7eSsWZevR/qwMVvT2sS7MaEEaeFPKL3eFTr+BArwfJWi:AGSr6iwMVIVNCLuF++K
Static task: static1
Behavioral task: behavioral1
- Sample: HSBC Singapore_Payment Copy_Pdf.bat
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: HSBC Singapore_Payment Copy_Pdf.bat
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.bfm.com.mk
- Port: 587
- Username: [email protected]
- Password: Sonja1234@@4321
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.bfm.com.mk
- Port: 587
- Username: [email protected]
- Password: Sonja1234@@4321
- Email To: [email protected]
Targets
- Target: HSBC Singapore_Payment Copy_Pdf.bat
- Size: 225KB
- MD5: 3d95c53e26f3b959e7fe913ddc859a7d
- SHA1: fc5961aac9b29d2822204df5efd44c5eee4557cf
- SHA256: c7a329a0f9ccd316709e97776b17f237466b2f27c274d0887d4e445ab31c245e
- SHA512: 24e9c239f40884d996f833f8fe045f140e4345d5fd64a20edda999bd1b078e8b4faaa6a5f9897613f90848b82c206f3a6a5e4b6acaeaceccb7d576c93d0ca154
- SSDEEP: 6144:Bj7eSsWZevR/qwMVvT2sS7MaEEaeFPKL3eFTr+BArwfJWiE:BGSr6iwMVIVNCLuF++KE
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext