General
Target: SWIFT HKEB0C01725410-T02.zip.exe
Size: 1.8MB
Sample: 210118-m2ams8ztv6
MD5: 26acd81931ba911b9da09e25f1d78930
SHA1: bd501cc26fec8405bd4060031a9ece946d15e815
SHA256: c79b3a9a39ba7d34ff2f2b4a41e76ef66a557e4f6240e8117b7dcb2b0200aa79
SHA512: f44eb6cfa7e91a6bdc7e20f0e67efe225767025ece6a45ee965371002a4dbd09c09da7fbb67072e7b0e2134f5295a47ec9996f6ed493f9751433d0fe66aa0205
Static task: static1
Behavioral task: behavioral1
- Sample: SWIFT HKEB0C01725410-T02.zip.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: SWIFT HKEB0C01725410-T02.zip.exe
- Resource: win10v20201028
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: alma.yang2@yandex.ru
- Password: graceofgod
Targets
Target: SWIFT HKEB0C01725410-T02.zip.exe
Size: 1.8MB
MD5: 26acd81931ba911b9da09e25f1d78930
SHA1: bd501cc26fec8405bd4060031a9ece946d15e815
SHA256: c79b3a9a39ba7d34ff2f2b4a41e76ef66a557e4f6240e8117b7dcb2b0200aa79
SHA512: f44eb6cfa7e91a6bdc7e20f0e67efe225767025ece6a45ee965371002a4dbd09c09da7fbb67072e7b0e2134f5295a47ec9996f6ed493f9751433d0fe66aa0205
Score: 10/10
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext