General
-
Target
bank slip.exe
-
Size
645KB
-
Sample
240429-z5rkgscf2v
-
MD5
94140263a36560bda39b02fffafce831
-
SHA1
33f2c75d6d50ba1acaadc92ae64803ecd3ff18ff
-
SHA256
fb422ed39cbabcab2449fde2224bfa281f4248e08014b4e3a60003842409d7a6
-
SHA512
2bf7708f475d4e663cea9c81a5198f1afa8f69d8088b84508d88bb25115beeaae116fb52a6c80c65e15be7f826c6616767afd30f27d19c076786edccefac381e
-
SSDEEP
12288:zuZk4K7sxuUrrN0I+9Vhbb2guOiAjDHIEf9/Q/3LhqvsqDfzltZWYblmeB778Qoo:JsxumrO7cgu4D5fxALhhqDLl9RmeBf
Static task
static1
Behavioral task
behavioral1
Sample
bank slip.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
bank slip.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.vw-rmplcars.co.in - Port:
587 - Username:
[email protected] - Password:
Gagan#456 - Email To:
[email protected]
Targets
-
-
Target
bank slip.exe
-
Size
645KB
-
MD5
94140263a36560bda39b02fffafce831
-
SHA1
33f2c75d6d50ba1acaadc92ae64803ecd3ff18ff
-
SHA256
fb422ed39cbabcab2449fde2224bfa281f4248e08014b4e3a60003842409d7a6
-
SHA512
2bf7708f475d4e663cea9c81a5198f1afa8f69d8088b84508d88bb25115beeaae116fb52a6c80c65e15be7f826c6616767afd30f27d19c076786edccefac381e
-
SSDEEP
12288:zuZk4K7sxuUrrN0I+9Vhbb2guOiAjDHIEf9/Q/3LhqvsqDfzltZWYblmeB778Qoo:JsxumrO7cgu4D5fxALhhqDLl9RmeBf
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-