General
- Target: SWIFT HKEB0C01725410-T02.zip.exe
- Size: 1.8MB
- Sample: 210119-k6ggjsyfm6
- MD5: b06e6bd34c7d5cd00303b533939e4881
- SHA1: 7d31bdcc3cf478b5591050de865abfa6a003938a
- SHA256: d84f4e172e71f373f3aae337a8f78f3465ac66ed4f507dbfb63ae378e7a7ecc7
- SHA512: aaa2e166a7de60fc0044cd96eed9ce2bb5d3653dff11632d418f810d3568a72aaea42ce0d8494b8e763f9a7dd1710082e3cfab382c2085cf87451ddfab61e70c
Static task: static1
Behavioral task: behavioral1
- Sample: SWIFT HKEB0C01725410-T02.zip.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: SWIFT HKEB0C01725410-T02.zip.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: alma.yang2@yandex.ru
- Password: graceofgod
Targets
- Target: SWIFT HKEB0C01725410-T02.zip.exe
- Size: 1.8MB
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext