General
- Target: PAYMENT SWIFT COPY MT103.exe
- Size: 819KB
- Sample: 210408-qdhxl4magn
- MD5: c4496bf2025faf96c00b63c0b892876f
- SHA1: 8619a3a581203b3abd1437ab27c2bbde155cbefc
- SHA256: ec3b903a30c68853b60ea2f08eeef7f140e0c9b8b0c8deee2bc504ca1c2a1a51
- SHA512: 4345c8c32c0b359397ca1b4b83c230e741ba1eef9cde3fa9030105aee96ea685f8e5a5ecebe2cc1c6d8b13a2668400e27bd7085d64cb4e30afc0fea64976ea3a
Static task
- static1
Behavioral task
- behavioral1: Sample PAYMENT SWIFT COPY MT103.exe, Resource win7v20201028
Behavioral task
- behavioral2: Sample PAYMENT SWIFT COPY MT103.exe, Resource win10v20201028
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: bilalahmed@shangrila-pk.com
- Password: YnFX@HO9
Targets
- Target: PAYMENT SWIFT COPY MT103.exe
- Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext