General
-
Target
33e4bac12cf6ce80c977b9fbfc4b9d517d020698f349e08938533fc7aea87e17
-
Size
625KB
-
Sample
240430-ben5nsga6w
-
MD5
4c0ab123083e1071c1318dcc35a30ff5
-
SHA1
5a074c0a859825dda81e63736e90db1b143a89fb
-
SHA256
33e4bac12cf6ce80c977b9fbfc4b9d517d020698f349e08938533fc7aea87e17
-
SHA512
531fb9f002757580afd8417ddb198474ae9134739a8fb95924b877fcce5a09a577180a38440e3878889e1fd0283c66ddbbae971d1000983dbef836f522dee0dc
-
SSDEEP
12288:Lyp+ca7s/uUrJNkI+3+14suaiAjDHIwfD6n7VTLqv5Ipr8FB7s6CO8p8QWZQh:mCs/uEJGu2sumD/fATLfp4FBtZQh
Static task
static1
Behavioral task
behavioral1
Sample
bank slip.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
bank slip.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.vw-rmplcars.co.in
Port: 587
Username: [email protected]
Password: Gagan#456
Email To: [email protected]
Targets
-
Target
bank slip.exe
-
Size
645KB
-
MD5
94140263a36560bda39b02fffafce831
-
SHA1
33f2c75d6d50ba1acaadc92ae64803ecd3ff18ff
-
SHA256
fb422ed39cbabcab2449fde2224bfa281f4248e08014b4e3a60003842409d7a6
-
SHA512
2bf7708f475d4e663cea9c81a5198f1afa8f69d8088b84508d88bb25115beeaae116fb52a6c80c65e15be7f826c6616767afd30f27d19c076786edccefac381e
-
SSDEEP
12288:zuZk4K7sxuUrrN0I+9Vhbb2guOiAjDHIEf9/Q/3LhqvsqDfzltZWYblmeB778Qoo:JsxumrO7cgu4D5fxALhhqDLl9RmeBf
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext