General
- Target: HSBC Payment Advice.img.exe
- Size: 749KB
- Sample: 240612-he886stake
- MD5: 29f5ece6140932732a934fb693b77e84
- SHA1: c7420e2c1365e60ab4dff96be2a4619dd5b71da3
- SHA256: 63eac58257e89ae7383cdfcddbf1209d18d9eda53fefe0b5a57de854649499d9
- SHA512: e6d119aa2f3b33beaedaa767074f0f5b7b0200907ddb6fab8a7e292edf55f4187642a468ec4f8750991c38dcd554f2b1aa08185c7f1418db57f895e8b0bb92a7
- SSDEEP: 12288:1edXtfETVJW54ALLNguUDAsUlQ5KRYvF6t11D1J2inUtGN1qaJru6f5WgR3OrZkR:cd92HZYLNgfDAZl4KAUtrminUg1qYrug
Static task
- static1
Behavioral task
- behavioral1
- Sample: HSBC Payment Advice.img.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: cp8nl.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: cp8nl.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
Targets
- Target: HSBC Payment Advice.img.exe
AgentTesla
- Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell
- Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
- Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext