General
Target: Bank Swift TT copy.rar
Size: 382KB
Sample: 211021-a1wafahfh4
MD5: 495108dd01c3c3bc994a8329dec74b92
SHA1: 1a37cd338f4f1edaa0a79df1a7f62154ac59fa2b
SHA256: bf843cc6d19e090c64f7e69434e5ecdfb7a383ccca61866cd9f94f42ee83d2e9
SHA512: 3fc0af74c238784e425276ca4e4d521a137614c2cbaf8b9aea56b620cb60981be821f3ad63d34c75b5e2729ba7cca1dd7072248e7e57dfe231a3a26106f74f6f
Static task: static1
Behavioral task: behavioral1
  Sample: Bank Swift TT copy.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Bank Swift TT copy.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dairysystems.co.ke
Port: 587
Username: info@dairysystems.co.ke
Password: 2019@systems
Targets
Target: Bank Swift TT copy.exe
Size: 427KB
MD5: 5886e035a12b13f2715f29c7d640bcc7
SHA1: cb7fc2abb0f53228fbd9b3a5ae122f4ac05a205a
SHA256: 6c1e992a6a4027f434e8b4834adbb06cd08b3a650b1fdf855d0cac0e3a0ea0b5
SHA512: a5ada49df6d0b42bf2941c449da63ed58b46acdaf090a0d452f86725fb4bc3c4b9d7d512a50d969b0ec93f6478fd213472f9c422d4b10ad7c83df49aee72d6bc
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext