General
Target: Bank payment swift message.exe
Size: 470KB
Sample: 211202-splwqsdah7
MD5: 8cf71f83b169db6428ce1345eacec7e1
SHA1: 50cde0ed5ae88e15fc6a190216f767c61014261f
SHA256: 7c04ed79e657827d9ed17fc6f50e51a5818bf9b7db804691dee2470d5371162e
SHA512: e66d9f4dfa5bb8bd30182549b11b0a78345696d48ab4f03c0571081ea63ac3005a5681ebacf50981b3d359c9fd9c3c911ea254794ba8dfa63ed93c56e9f7d1ea
Static task: static1
Behavioral task: behavioral1
  Sample: Bank payment swift message.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Bank payment swift message.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.scsgroups.com
Port: 587
Username: leell@scsgroups.com
Password: Scs@looi1007
Targets
Target: Bank payment swift message.exe
Size: 470KB
MD5: 8cf71f83b169db6428ce1345eacec7e1
SHA1: 50cde0ed5ae88e15fc6a190216f767c61014261f
SHA256: 7c04ed79e657827d9ed17fc6f50e51a5818bf9b7db804691dee2470d5371162e
SHA512: e66d9f4dfa5bb8bd30182549b11b0a78345696d48ab4f03c0571081ea63ac3005a5681ebacf50981b3d359c9fd9c3c911ea254794ba8dfa63ed93c56e9f7d1ea
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext