General
Target: SWIFT HKEB0C01725410-T02.zip.exe
Size: 1.9MB
Sample: 210114-529k4w589j
MD5: 9799d062813682be526e3872624619d6
SHA1: 73fcf6be1e81560fc4b3c07f6f6cffc6d9c45b67
SHA256: c0c094a6eb4a6e1051e79144ff16ae6d24b52007ac96fa0d8b40319635e1ea55
SHA512: e040175339eda6b977816bebe7c09a48b21eb98d03380beeccff7b961ce952b470616b85f913fda60ef5730d36e056642bda5a3281676840be83b4f69fa9ff97
Static task: static1
Behavioral task: behavioral1 (sample: SWIFT HKEB0C01725410-T02.zip.exe, resource: win7v20201028)
Behavioral task: behavioral2 (sample: SWIFT HKEB0C01725410-T02.zip.exe, resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: graceofgod
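The extracted configuration is the sample's whole exfiltration channel: an SMTP submission account on smtp.yandex.ru:587 that the stealer logs into to mail out harvested credentials. The following is an added example, not code from the report or from Agent Tesla, showing how a responder would turn these values into checks: it parses the flattened "Key: value - Key: value" config string exactly as the report prints it (the Username is shown redacted on the page and is kept that way), compares a file's hashes against the listed MD5/SHA256, and flags SMTP-submission traffic in a constructed network log. The allowlist of mail clients, the log line format and the sample log lines are assumptions made for the example.

```python
"""
Added example, not part of the sandbox report: turn the report's IOCs into
checks. It (1) parses the flattened Agent Tesla SMTP config string as the
report prints it, (2) compares a file's hashes against the listed values,
and (3) flags SMTP-submission traffic in constructed network-log lines.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List

# Values copied from the report above (the Username is shown redacted on the page).
CONFIG_LINE = ("Protocol: smtp- Host: smtp.yandex.ru - Port: 587 - "
               "Username: [email protected] - Password: graceofgod")
IOC_MD5 = "9799d062813682be526e3872624619d6"
IOC_SHA256 = "c0c094a6eb4a6e1051e79144ff16ae6d24b52007ac96fa0d8b40319635e1ea55"

# Assumption: processes that are legitimately allowed to speak SMTP submission.
MAIL_PROCESS_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}


def parse_config(line: str) -> Dict[str, str]:
    """Split 'Key: value - Key: value' (tolerating the 'smtp- Host' spacing) into a dict."""
    fields = re.split(r"\s*-\s+(?=\w+:)", line.strip())
    config = {}
    for field in fields:
        key, _, value = field.partition(":")
        config[key.strip()] = value.strip()
    return config


def hash_matches(data: bytes) -> Dict[str, bool]:
    """Report which of the listed hashes the given file content matches."""
    return {
        "md5": hashlib.md5(data).hexdigest() == IOC_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == IOC_SHA256,
    }


@dataclass
class NetEvent:
    process: str
    dst_host: str
    dst_port: int


def parse_event(line: str) -> NetEvent:
    """Constructed log format: '<process>|<destination host>|<destination port>'."""
    process, host, port = line.strip().split("|")
    return NetEvent(process.lower(), host.lower(), int(port))


def is_suspicious_smtp(event: NetEvent, config: Dict[str, str]) -> bool:
    """True for any contact with the extracted C2 host:port, or for SMTP
    submission on the configured port from a process outside the allowlist."""
    c2_host = config["Host"].lower()
    c2_port = int(config["Port"])
    if event.dst_host == c2_host and event.dst_port == c2_port:
        return True
    return event.dst_port == c2_port and event.process not in MAIL_PROCESS_ALLOWLIST


def detect(lines: List[str], config: Dict[str, str]) -> List[str]:
    """Return the log lines that should raise an alert."""
    return [ln for ln in lines if is_suspicious_smtp(parse_event(ln), config)]


# Constructed sample log lines; only the sample's file name comes from the report.
SAMPLE_NET_LOG = [
    "outlook.exe|smtp.office365.com|587",                   # mail client, allowed
    "chrome.exe|example.com|443",                           # unrelated HTTPS
    "SWIFT HKEB0C01725410-T02.zip.exe|smtp.yandex.ru|587",  # the C2 host from the config
    "notepad.exe|mail.example.org|587",                     # non-mail process on 587
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_LINE)
    print(cfg)
    print(hash_matches(b"constructed placeholder, not the sample"))
    for hit in detect(SAMPLE_NET_LOG, cfg):
        print("ALERT:", hit)
```

The second rule (port 587 from a non-mail process) matters because Agent Tesla frequently runs inside an injected host process rather than under the dropped file name, so a host-only match on smtp.yandex.ru would miss a rebuilt sample pointed at a different mailbox.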
Targets
Target: SWIFT HKEB0C01725410-T02.zip.exe
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET; this sample exfiltrates over SMTP using the account in the extracted configuration.
- AgentTesla Payload
- Drops startup file (persistence through the user's Startup folder)
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and other code injection)