General
-
Target
30bf0417e8ef6f1c5e5fd0c824bbe27ee0ef116ccdb02cbe5b93d83106747b1f
-
Size
451KB
-
Sample
220521-bbvs2sbfe7
-
MD5
18a40cfc308b213eb101215231447f27
-
SHA1
c26ef73b0d446cdc0f93a947e79c29edd4f90090
-
SHA256
30bf0417e8ef6f1c5e5fd0c824bbe27ee0ef116ccdb02cbe5b93d83106747b1f
-
SHA512
d9312a1bdc0fc7d30912f910d9c9d674979f22638197556c3487306dcfef6a5f33db8f0264f9e0822bab720d1472798ec6db53009e5697482439cab9839c46b5
Static task
static1
Behavioral task
behavioral1
Sample
Bank_swift_7312020_pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Bank_swift_7312020_pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.moorefundz.com
Port: 587
Username: [email protected]
Password: g7g2Ig?Aeh_+
Targets
-
Target
Bank_swift_7312020_pdf.exe
-
Size
505KB
-
MD5
1218c82a5f6287684f1cab30ec3f9ac5
-
SHA1
5a2f7bc5d6f96c33116c1fbc6dd9530f1977bee7
-
SHA256
c4e9cfa688e157572fb7eed326914253fba8a38cc22a9670291117464f6c9214
-
SHA512
033124ae5d6eefa5fb00730c52ddad5e6931196230982012a01432d355e25f05f29338590ee2e3c402030c1487ccc3b36db8339b3e5a9288ed15928e9ce1de9e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext