General
Target: SWIFT CONFIRMATION.exe
Size: 736KB
Sample: 210727-cdh8ntp29j
MD5: 56a49812b0b2214950f241aeec86fa55
SHA1: c33b64a409a9fdb32555e14ef57290afa3942710
SHA256: 0fba63de28c93fd00593e1b906f7a78e197d3392ed24fc4e4d24c8405d11bab7
SHA512: 6dac655ca3266b4444c4a739aeeda622db8581b5673f2ce4f05a81e9b5e4083fe708343b66df0575653f414d7b6d7d3ca3249a4a78321fe4810e1ce2cea18ff5
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT CONFIRMATION.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: SWIFT CONFIRMATION.exe
Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.saisianket-tech.com
Port: 587
Username: akibapen@saisianket-tech.com
Password: donblack12345
Targets
Target: SWIFT CONFIRMATION.exe
Size: 736KB
MD5: 56a49812b0b2214950f241aeec86fa55
SHA1: c33b64a409a9fdb32555e14ef57290afa3942710
SHA256: 0fba63de28c93fd00593e1b906f7a78e197d3392ed24fc4e4d24c8405d11bab7
SHA512: 6dac655ca3266b4444c4a739aeeda622db8581b5673f2ce4f05a81e9b5e4083fe708343b66df0575653f414d7b6d7d3ca3249a4a78321fe4810e1ce2cea18ff5
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext