General
- Target: Bank Swift TT copy.exe
- Size: 427KB
- Sample: 211020-nfbxysghh6
- MD5: 5886e035a12b13f2715f29c7d640bcc7
- SHA1: cb7fc2abb0f53228fbd9b3a5ae122f4ac05a205a
- SHA256: 6c1e992a6a4027f434e8b4834adbb06cd08b3a650b1fdf855d0cac0e3a0ea0b5
- SHA512: a5ada49df6d0b42bf2941c449da63ed58b46acdaf090a0d452f86725fb4bc3c4b9d7d512a50d969b0ec93f6478fd213472f9c422d4b10ad7c83df49aee72d6bc
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Bank Swift TT copy.exe
  - Resource: win7-en-20210920
Behavioral task
- behavioral2
  - Sample: Bank Swift TT copy.exe
  - Resource: win10-en-20211014
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.dairysystems.co.ke
- Port: 587
- Username: [email protected]
- Password: 2019@systems
Targets
- Target: Bank Swift TT copy.exe
- Size: 427KB
- MD5: 5886e035a12b13f2715f29c7d640bcc7
- SHA1: cb7fc2abb0f53228fbd9b3a5ae122f4ac05a205a
- SHA256: 6c1e992a6a4027f434e8b4834adbb06cd08b3a650b1fdf855d0cac0e3a0ea0b5
- SHA512: a5ada49df6d0b42bf2941c449da63ed58b46acdaf090a0d452f86725fb4bc3c4b9d7d512a50d969b0ec93f6478fd213472f9c422d4b10ad7c83df49aee72d6bc
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext