General
-
Target
db661b6768247a4af248447967fff24684978d93e540f1bd7f7563488477c8f2
-
Size
354KB
-
Sample
220521-b2rt3sfhgm
-
MD5
a72fce064528325514a3aafd529d2888
-
SHA1
bc07f43a030690a924aeed5142baa446ec8a0a1e
-
SHA256
db661b6768247a4af248447967fff24684978d93e540f1bd7f7563488477c8f2
-
SHA512
489c768d85d611528ce8ee2f27a77fad260912957faf9abd668b8239d6f3e3fd23112d81f562e1f1c24e802386d07aaa42aba32a8ba0f3ea645ceb6bd97bc08a
Static task
static1
Behavioral task
behavioral1
Sample
ESE Swift TT payment Maksajuma dokuments ar atru apstiprinajumu 9029938829 doc PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ESE Swift TT payment Maksajuma dokuments ar atru apstiprinajumu 9029938829 doc PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.connectus-trade.net/ - Port:
21 - Username:
[email protected] - Password:
o^Z0CIU?^yL2
Protocol: ftp- Host:
ftp://ftp.connectus-trade.net/ - Port:
21 - Username:
[email protected] - Password:
o^Z0CIU?^yL2
Targets
-
-
Target
ESE Swift TT payment Maksajuma dokuments ar atru apstiprinajumu 9029938829 doc PDF.exe
-
Size
397KB
-
MD5
6b253203ece65981efc86c6792c1b07f
-
SHA1
d5f5bb6beba8024d5976e7ad322de4c40693d450
-
SHA256
d548132c9ebe5ce61a2bf80020dd1b44ba464cadd85394925dec3b18ca1aef42
-
SHA512
3e3cd89ec9107f21253abaf513146b7d400d3728db5ac8a3c2867f6a0d0b09d1cc34a6348c9000d32096ee862de4bbccbc6a4e372af09d9861690e1066b09b74
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-