General
Target: SWIFT MT103.exe
Size: 1.1MB
Sample: 211018-jrj1gseahq
MD5: 7864fb0b03ee179f129ac268e9c1e6c5
SHA1: b2c5fe1cdd6b50563d88d74ba4c2a5070401110f
SHA256: 4248a8c899ffd31c3b3771124b5aa9ddc5320bf5b4c274990969a663cda33c01
SHA512: 63d48a3ca4a586a1c6d66eaa4b76b2648dc5a5d885175b7ed54d6aaf0137c81a63d4f3ccf059637c3d118f518d182747cf6dbd7f02489efb5c510555e9e45096
Static task: static1
Behavioral task: behavioral1 (Sample: SWIFT MT103.exe, Resource: win7-en-20210920)
Behavioral task: behavioral2 (Sample: SWIFT MT103.exe, Resource: win10-en-20211014)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.adityagroup.co
Port: 587
Username: [email protected]
Password: Aditya!@#$%^
Targets
Target: SWIFT MT103.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext