General
Target: d55ae0595505278bd448159dba33bde89baaec39a774d76c28cd7caf7eaf00bf
Size: 360KB
Sample: 220521-nzb23aeda5
MD5: 554388c3f9ac33060594dcf522119f75
SHA1: e53900e6f99070293ae8987bb9597d69ccfa389b
SHA256: d55ae0595505278bd448159dba33bde89baaec39a774d76c28cd7caf7eaf00bf
SHA512: b1679a70e28e6725cc882e390be64da8845cb54b6a2cd80c6c47115281bd45c51b5f902015708d67210564531474feb153703e8dfa4ae5bd6fff7e0a846bd05e
Static task: static1
Behavioral task: behavioral1
Sample: INWARD#2671SWIFT.html.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: INWARD#2671SWIFT.html.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ibc.by
Port: 587
Username: greenpark@ibc.by
Password: QWErty654321
Targets
Target: INWARD#2671SWIFT.html.exe
Size: 379KB
MD5: 135f83f86309a790fe91bc93c405caa4
SHA1: 25956724f209adc49b5d61d352bc308c1bdca163
SHA256: ec7a0509c47b0fb580fe7f0ea4656c25bdcefeded8c0283fc550d97dcf6859ed
SHA512: 48e41ffabf3c7b5394a5e16d5bb4dc4cb084483beef07489cf5484caa48f50741e33f6a9b3dbdbbceb584ea03c6c6366575246ef6404569fdb21ca65c324fc56
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext