General
- Target: 613ffa6fb0f9965935297490a3ea5f63c8f870201ec304321e3812f5518c840b
- Size: 407KB
- Sample: 220521-nxpv5shdck
- MD5: 730801fffb828d44f1acdda7881a4054
- SHA1: 7ad7d7e760573ec10cd911e5e0f56e59191827ad
- SHA256: 613ffa6fb0f9965935297490a3ea5f63c8f870201ec304321e3812f5518c840b
- SHA512: 43acc2f70a4b46505fe28aa3be326bef6f838d6b59a78811dbe0f38286bcb0055cb6279435144676873c6f34d792e3a67607ae692ba94b334c7aba334e40b4c7
Static task: static1
Behavioral task: behavioral1
- Sample: payment swift copy -html.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: payment swift copy -html.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.himdiesel.com
- Port: 587
- Username: accounts@himdiesel.com
- Password: hdes@mhe
Targets
- Target: payment swift copy -html.exe
- Size: 699KB
- MD5: 09a08a29118e5b3e384fc7aaeea99efd
- SHA1: cbeadbda9e2cd9f4eec994fb2f484f8db868f34b
- SHA256: f08ce88e79b97af9335ba57148285d21ec9527019331f78279d0f19c25a4f211
- SHA512: b11eb80cb67e7bdbb91a48dce36d2d61817045b396847cf23d5f5dc5eb40229d7fbc4ce99c10b27aba62b025b872be366fabb442ee21eda707f5b979e3349c3e

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext