General
Target: 35,276.70 SWIFT.xlsx
Size: 469KB
Sample: 210421-985n89ttns
MD5: 72b12d5672ca2a2d758554548401568a
SHA1: bd81a200472e6ccc14e1ed8e2282f3bc32ae9d29
SHA256: e3df51fb381739343abac1afe4fecc7c748227b1d7f935ab8b37486d4dabc12c
SHA512: 934ea2b8554c6b1cf241ea42b62f416f3b8ee9e5ae6007ff9e96f22f37a6ad85ddb92110cd27adbce7e053940af7d2b4c61cd79a7a8e57e9dd538f158ab380b1
Static task: static1
Behavioral task: behavioral1
Sample: 35,276.70 SWIFT.xlsx
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 35,276.70 SWIFT.xlsx
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: razilogs@razilogs.com
Password: FUCKYOU3116
Targets
Target: 35,276.70 SWIFT.xlsx
Size: 469KB
MD5: 72b12d5672ca2a2d758554548401568a
SHA1: bd81a200472e6ccc14e1ed8e2282f3bc32ae9d29
SHA256: e3df51fb381739343abac1afe4fecc7c748227b1d7f935ab8b37486d4dabc12c
SHA512: 934ea2b8554c6b1cf241ea42b62f416f3b8ee9e5ae6007ff9e96f22f37a6ad85ddb92110cd27adbce7e053940af7d2b4c61cd79a7a8e57e9dd538f158ab380b1
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext