General
Target: SWIFT.pdf.exe
Size: 977KB
Sample: 210121-ebf6t6887a
MD5: e1c2dfde03ce13e517b7b25f4ef39fce
SHA1: e9f8582198850b676104c11aab2721b6807f1956
SHA256: a14532851a6cf9501f2a4f5b0ecc61d4ef8e10d220a401b220cd06ae8f83aeee
SHA512: 7b98671c5449b1d2eacabe17aedc1420d4451d387c0ee86fbdb3e54ee8213227628130711196b93ac17a985fa5007242b41957112a5cff5025eac82a9541cbdb
Static task: static1
Behavioral task: behavioral1
  Sample: SWIFT.pdf.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SWIFT.pdf.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: delovnaposta.telekom.mk
Port: 587
Username: b.stojanov@opstinagpetrov.gov.mk
Password: bosko
Targets
Target: SWIFT.pdf.exe
Size: 977KB
MD5: e1c2dfde03ce13e517b7b25f4ef39fce
SHA1: e9f8582198850b676104c11aab2721b6807f1956
SHA256: a14532851a6cf9501f2a4f5b0ecc61d4ef8e10d220a401b220cd06ae8f83aeee
SHA512: 7b98671c5449b1d2eacabe17aedc1420d4451d387c0ee86fbdb3e54ee8213227628130711196b93ac17a985fa5007242b41957112a5cff5025eac82a9541cbdb
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext