General
Target: 6f35e23b17a51a81638836b290f94d99c36e2e746ad35a135b5c0b685659ff98
Size: 648KB
Sample: 220520-2fp2gaadbq
MD5: 61488b88556a4e28bb4e466794eb13c6
SHA1: 2c5063b10ffb8162f71857ee927ce13e247f56a5
SHA256: 6f35e23b17a51a81638836b290f94d99c36e2e746ad35a135b5c0b685659ff98
SHA512: fcafedc6b30795a6d72a6d86a0e81f6bf264aa19af3907fd6d6d28e8dfd3da893e620c71e6d480670739fb4ec93c231ca36bfe22715519a744d5946a3fc9e3de
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SWIFT.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: kingmoney12345
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: kingmoney12345
Targets
Target: SWIFT.pdf.exe
Size: 692KB
MD5: 4235e668cc2e82e7d7f8d73286e2283a
SHA1: b839c3b07f44652c4cf38e6f95e8e16215c70f9a
SHA256: 1498e66353afc2a6af339068e9f0242a5e848a76af99fa544bf4b480674a6ca0
SHA512: a738b95971fdef593542f4392d93f6205ec8294f4afa1a098a91e31301f15296ff165453832dc6ba0e8f79cf0cd8ee45c0be0e80b1debe02f60f681e53bddf72
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext