General
Target: HSBC Payment Advice_pdf.exe
Size: 667KB
Sample: 240625-krksfsshjr
MD5: 4a54a1cfb9a323654e9382645dd55f03
SHA1: 2a569a45460a3a7251fe74fc0ce082dbe05de9d4
SHA256: 88ee50dbfee90121de2f56cbb6fb8e23384f2423a0598a45147fe08f6503cb3b
SHA512: 6830e11f411b50da12361bbd8749dc80386b49895823986609d990871c8a9c01884c38e9dc8698f913b00f1f273809e225430b22c2f0d9241735892b96d5cab5
SSDEEP: 12288:wo5wtN2gPFocYNclSS51hq2t7ud/I59A/IFlDBUun3BYMn/:7LESc5F5F8dQ40lDeGr/
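The hash block above is the report's indicator list for this sample. The script below is an added example (editor's code, not part of the sandbox page) that streams a file through all four listed algorithms and reports which of the published digests it matches; the IOC dictionary is copied from the page, the file path and the empty-input check are assumptions for illustration. SSDEEP comparison needs the separate ssdeep library and is not shown.

```python
import hashlib
import sys

# Digests published in the report for "HSBC Payment Advice_pdf.exe" (copied from the page).
REPORT_IOCS = {
    "md5": "4a54a1cfb9a323654e9382645dd55f03",
    "sha1": "2a569a45460a3a7251fe74fc0ce082dbe05de9d4",
    "sha256": "88ee50dbfee90121de2f56cbb6fb8e23384f2423a0598a45147fe08f6503cb3b",
    "sha512": "6830e11f411b50da12361bbd8749dc80386b49895823986609d990871c8a9c01884c38e9dc8698f913b00f1f273809e225430b22c2f0d9241735892b96d5cab5",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of an in-memory buffer for the four listed algorithms."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once, so a large sample is read only once
    and never has to fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matching_algorithms(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of the algorithms whose digest equals the published IOC.

    Comparison is case-insensitive because threat feeds mix upper- and lower-case hex.
    A genuine match hits every algorithm; a partial match means a transcription error
    in the IOC list (or a collision) and should be investigated rather than trusted."""
    return [alg for alg, value in iocs.items()
            if digests.get(alg, "").lower() == value.lower()]


if __name__ == "__main__":
    # Usage: python check_iocs.py <file> [<file> ...]   (paths are assumptions for this example)
    for path in sys.argv[1:]:
        digests = hash_file(path)
        hits = matching_algorithms(digests)
        verdict = "MATCH on " + ",".join(hits) if hits else "no match"
        print(f"{path}: {verdict} (sha256={digests['sha256']})")
```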
Static task: static1
Behavioral task: behavioral1 (sample: HSBC Payment Advice_pdf.exe, resource: win7-20240611-en)
Behavioral task: behavioral2 (sample: HSBC Payment Advice_pdf.exe, resource: win10v2004-20240508-en)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: [email protected] (address obfuscated in the page extraction)
Password: Ukbase123.
Email To: [email protected] (address obfuscated in the page extraction)
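The extracted configuration is the sample's exfiltration channel: harvested data goes out as e-mail through the attacker's SMTP account on smtp.privateemail.com port 587. The code below is an added example (editor's code, not from the sandbox page) that parses the config block into a dictionary, turns it into a host/port indicator, and scans a constructed connection log for matches; it also generalises the page's single indicator into a heuristic that flags any SMTP submission (ports 25, 465, 587) from a process that is not an allow-listed mail client. The log format, timestamps and process names (including RegAsm.exe as a stand-in for whatever host process the sample injects into) are assumptions for the example, not telemetry from the report.

```python
# The extracted config exactly as the report lists it; the mailbox addresses were
# obfuscated by the page, so they remain "[email protected]".
RAW_CONFIG = """Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: [email protected]
Password: Ukbase123.
Email To: [email protected]"""

# Constructed sample log (not real telemetry), one connection per line in the
# assumed form: "<timestamp> <process name> <destination host>:<port>".
SAMPLE_LOG = """2024-06-25T10:01:02Z outlook.exe smtp.office365.com:587
2024-06-25T10:01:09Z HSBC Payment Advice_pdf.exe smtp.privateemail.com:587
2024-06-25T10:01:11Z chrome.exe api.ipify.org:443
2024-06-25T10:02:30Z RegAsm.exe smtp.privateemail.com:587"""

SMTP_PORTS = {25, 465, 587}          # plain, implicit-TLS and submission ports
ALLOWED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}   # assumed allow-list


def parse_config(raw: str) -> dict:
    """Turn 'Key: value' lines into a dict with snake_case keys; port becomes an int."""
    cfg = {}
    for line in raw.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        cfg[key.strip().lower().replace(" ", "_")] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def network_indicators(cfg: dict) -> set:
    """(host, port) pairs a firewall, proxy or DNS log can be searched for."""
    return {(cfg["host"], cfg["port"])}


def iter_connections(log: str):
    """Yield (timestamp, process, host, port) from the assumed log format.
    The process name may contain spaces, so the line is split from both ends."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, rest = line.split(" ", 1)
        proc, dst = rest.rsplit(" ", 1)
        host, _, port = dst.rpartition(":")
        yield ts, proc, host, int(port)


def find_exfil_connections(log: str, indicators: set) -> list:
    """Exact matches against the extracted C2/exfil host and port."""
    return [c for c in iter_connections(log) if (c[2], c[3]) in indicators]


def find_unexpected_smtp(log: str, allowed_processes: set = ALLOWED_MAIL_CLIENTS) -> list:
    """Broader heuristic: any SMTP-port connection from a process that is not a mail client.
    This catches the same family with a different mail server, at the cost of more triage."""
    return [c for c in iter_connections(log)
            if c[3] in SMTP_PORTS and c[1] not in allowed_processes]


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print("exfil indicators:", network_indicators(cfg))
    for hit in find_exfil_connections(SAMPLE_LOG, network_indicators(cfg)):
        print("IOC match:", hit)
    for hit in find_unexpected_smtp(SAMPLE_LOG):
        print("unexpected SMTP:", hit)
```

The credentials in the config belong to the attacker's account, not to anyone in your environment: use them to build indicators and to notify the mail provider of abuse, but do not authenticate to the mailbox yourself, which would be unauthorised access.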
Targets
Target: HSBC Payment Advice_pdf.exe (size and hashes as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET; this sample exfiltrates over SMTP using the account in the extracted config above.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which stealers of this family commonly include in the exfiltrated report; the service itself is benign, so the indicator is the requesting process, not the destination.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is characteristic of process hollowing and thread hijacking: the injected payload's entry point is written into a suspended thread's context before the thread is resumed. The report does not name the host process, so correlate with CreateProcess-suspended and WriteProcessMemory activity to identify it.