General
- Target: INV_swift_advice_26092022000000000000000.exe
- Size: 365KB
- Sample: 221003-hsnjmacda5
- MD5: 72f30db13d792c09e2e907b441f50192
- SHA1: f7bf5d8c198ff7387702b34c8db27595fd38906f
- SHA256: b872a0afdf50b5355b2edc24683e885c326202b19c4aa3edec81af090fa93756
- SHA512: cdf3cf88b1f4a3b1110810a32c8eece9df8f0fa04bb19e1f173154678f2f35d30e03e7747ca639afebfaab1ffcb800696dd8a9be4bc95814456ffd1224b83bd4
- SSDEEP: 3072:nKjc4Sh/1pi3lOh39b96OFXio205b4TxHTC7tsisD8Wrk784a0S4XPv9Wb+9wqYl:nKjA3i3AVFyoQzC5wHKthS4/vobKi
Static task
- static1

Behavioral task
- behavioral1
- Sample: INV_swift_advice_26092022000000000000000.exe
- Resource: win7-20220812-en

Behavioral task
- behavioral2
- Sample: INV_swift_advice_26092022000000000000000.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.botswlogistics.com
- Port: 587
- Username: limitless@botswlogistics.com
- Password: *(QSTCj8
Targets
- Target: INV_swift_advice_26092022000000000000000.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext