General

  • Target

    HSBCSWIFT ADVICE_0069700S.PDF.exe

  • Size

    477KB

  • Sample

    201109-rxpndbfalx

  • MD5

    29634a7b0e1022814f0d4f64f3d6fa3c

  • SHA1

    22aa028a4b6a6a937fe930eab37d7ffd5fedc03e

  • SHA256

    d0e7ded6fed46be56e045d2c9e6df6cc6e439b5ed8503a13e0296e953917a0a7

  • SHA512

    71346230a139376d3fc0f5f74ec13f95373549aea77ed003efd9cf4ceb6e10662f34a6ea7ef82cd8f961e010f893b7caa0252cd25d1f746fdb4f8bc2ecf55f0a

Malware Config

Extracted

  • Family

    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    petersonhouston@yandex.com
  • Password:
    faith12AB

Targets

    • Target

      HSBCSWIFT ADVICE_0069700S.PDF.exe


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Suspicious use of SetThreadContext
