General
Target: Bank payment swift message.exe
Size: 475KB
Sample: 211202-mbcs1seecn
MD5: 32a55693f11a631630c92e919df592e3
SHA1: c8f4814b6a3ae4bb6d84413e712b3e5c8fd8fa28
SHA256: a96787b4f613154d3a632a7ce26157b0f5cff77f35037e31be965dd6b2ef49f5
SHA512: 41914652303f4df863c942d7043676fcc411faed0cb5929e686cf676e76fcf2a10d6724ab084e0bc989305559f1abf4c359bab365e79f11312e589d693ec4f1b
Static task: static1
Behavioral task: behavioral1
Sample: Bank payment swift message.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: Bank payment swift message.exe
Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.scsgroups.com
Port: 587
Username: [email protected]
Password: Scs@looi1007
This SMTP account is the exfiltration channel: the stealer authenticates to the host on the submission port and mails the harvested data to the configured mailbox. Treat the host/port/username as network indicators; the credentials belong to a mailbox that is being abused as a drop box and should be reported to the provider rather than reused.
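As an added example (not code from the sandbox report or from the Agent Tesla authors), the following Python script parses the extracted SMTP configuration in the layout the report prints it, strips the mailbox password before the record is shared as an indicator, and matches the host/port pair against Sysmon Event ID 3 network-connection records. The Sysmon records are constructed for illustration, and the RegSvcs.exe host process in the third record is an assumption about where a hollowed payload might run, not something the report states.

```python
"""Added example, not part of the sandbox report: turn the extracted Agent
Tesla SMTP configuration into a structured IOC record and use it to find
matching Sysmon Event ID 3 (network connection) records.  The Sysmon records
below are constructed for illustration; nothing here comes from the sandbox run.
"""
import re
from dataclasses import dataclass

# The config block exactly as the report prints it, including its line breaks
# and "- " separators between fields.
CONFIG_TEXT = """Protocol: smtp- Host:
mail.scsgroups.com - Port:
587 - Username:
[email protected] - Password:
Scs@looi1007"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the report's 'Key: value - Key: value' layout.

    The text is flattened first, then split on '-' only where the next token
    looks like a field name ('Host:', 'Port:', ...), so a '-' or '@' inside a
    value is preserved.
    """
    flat = " ".join(text.split())
    fields = {}
    for piece in re.split(r"\s*-\s*(?=\w+:\s)", flat):
        key, _, value = piece.partition(":")
        fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def shareable_indicator(cfg: SmtpExfilConfig) -> dict:
    """IOC record for a blocklist or threat-intel feed.

    The mailbox password is deliberately dropped: it belongs to a third-party
    account that is being abused as a drop box and should be reported to the
    mail provider, not redistributed or logged into.
    """
    return {
        "type": "smtp-exfil",
        "host": cfg.host,
        "port": cfg.port,
        "username": cfg.username,
    }


# Constructed Sysmon Event ID 3 records.  The third one assumes the payload
# was hollowed into a .NET host process; that process name is an assumption.
SYSMON_EID3 = [
    {"Image": r"C:\Users\victim\Downloads\Bank payment swift message.exe",
     "DestinationHostname": "mail.scsgroups.com", "DestinationPort": 587},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "DestinationHostname": "mail.scsgroups.com", "DestinationPort": 587},
]


def match_exfil_connections(cfg: SmtpExfilConfig, events: list) -> list:
    """Return the events whose destination is the configured exfil host/port.

    Matching is on hostname rather than a resolved IP: the drop box may sit on
    shared mail hosting whose address changes while the config does not, and
    matching on port alone would also flag every legitimate SMTP submission.
    """
    return [
        ev for ev in events
        if ev["DestinationHostname"].lower() == cfg.host
        and int(ev["DestinationPort"]) == cfg.port
    ]


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print("indicator:", shareable_indicator(cfg))
    for ev in match_exfil_connections(cfg, SYSMON_EID3):
        print("exfil connection:", ev["Image"])
```

Run it directly to print the shareable indicator and the two matching connections; the Outlook connection to a different submission server is correctly left alone. If your telemetry carries only destination IPs, resolve the host at hunt time and record when you did, since the resolution can change while the sample's config does not.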
Targets
Target: Bank payment swift message.exe
Size: 475KB
MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials from browsers, mail clients and FTP clients, logs keystrokes and clipboard contents, and exfiltrates the collected data over SMTP, FTP or HTTP; the configuration extracted from this sample uses SMTP (see Malware Config).
Signatures triggered by this sample:
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (Outlook profile data is one of the credential stores the stealer reads)
- Adds Run key to start application (persistence through a CurrentVersion\Run registry value, so the payload starts again at logon)
- Suspicious use of SetThreadContext (consistent with process hollowing or thread hijacking: the thread context of a suspended process is rewritten to point at injected code)