General
- Target: SWIFT HKEB0C01725410-T02.zip.exe
- Size: 1.5MB
- Sample: 210113-1fbrsbsrsj
- MD5: e08645b36e4ec1cbf5cfd37c621a898f
- SHA1: c198d121d221513110ed4e1fe7ddbe0a5c16c47a
- SHA256: fc2841553bc42cdc4347d876f905ec5da9471813143d76f5610d70ed9229ccd6
- SHA512: fd6beabff75463506f908569448ff4ac0777753a0742d57306db45877e91775cba1162c91156b262e8e84d8a01803f0bf10e839322e8386212e4cfe20684b34c
Static task
- static1

Behavioral task
- behavioral1
- Sample: SWIFT HKEB0C01725410-T02.zip.exe
- Resource: win7v20201028

Behavioral task
- behavioral2
- Sample: SWIFT HKEB0C01725410-T02.zip.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: alma.yang2@yandex.ru
- Password: graceofgod
Targets
- Target: SWIFT HKEB0C01725410-T02.zip.exe
- Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext