General
Target: INV_swift_copy_HSB03102022000000000000000PDF.exe
Size: 359KB
Sample: 221003-nbc98adcg6
MD5: 6e5d443a7f5dccc55b847619195cce38
SHA1: 1f1b6d4b599ffdd2e79988311f509c0008f84d8f
SHA256: fad6952d13fe03d8e9a8f04e8168be03ce0b8deb45de91123fa82ff890aafc5f
SHA512: cbad6371167d51aef3f692ddb0a41000e04cd737aa64a7f95bfc676115df4fe8291a52f0e79f9d3449887571c017260e42eaf8e95e70b23be78a8089a2f9b7de
SSDEEP: 3072:xMDX5HiIs1qlP0ZSbJqU4wWp5JGfou49wWCZ/13NFJPqV+9wqY+mhhhmitqOCnq:x6JHPs1qlPyqqU49dFvCZ/13NoKi
Static task: static1
Behavioral task: behavioral1
Sample: INV_swift_copy_HSB03102022000000000000000PDF.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: INV_swift_copy_HSB03102022000000000000000PDF.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.botswlogistics.com
Port: 587
Username: limitless@botswlogistics.com
Password: *(QSTCj8
Port 587 is the SMTP submission port. In Agent Tesla's SMTP mode the username and password are the credentials of the attacker-controlled mailbox the stealer logs into to mail out harvested data, so they are a network indicator for the exfiltration channel rather than a victim secret.
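To make the extracted config usable for hunting, here is an added Python example (it is not part of the sandbox report and not the sandbox's own extractor) that parses the block exactly as it is rendered on the page, including the line breaks that split each key from its value, and then matches the resulting indicators against Zeek-style smtp.log and dns.log records. The config values are the ones in the report; the log records, connection uids and IP addresses are constructed for illustration.

```python
"""Parse the 'Malware Config / Extracted' block for this AgentTesla sample
and flag SMTP sessions and DNS queries that match it.

Added example, not part of the sandbox report. RAW_CONFIG holds the values
printed in the report; the log records below are constructed.
"""
import re

# Raw text as the report renders the "Extracted" block, line breaks included.
RAW_CONFIG = """agenttesla
Protocol: smtp- Host:
smtp.botswlogistics.com - Port:
587 - Username:
limitless@botswlogistics.com - Password:
*(QSTCj8"""

# 'Key: value' pairs separated by ' - '; the value runs until the next
# '- Key:' marker or the end of the text, so passwords with punctuation survive.
_KV_RE = re.compile(r"([A-Za-z]+):\s*(.+?)\s*(?=-\s*[A-Za-z]+:|$)")


def parse_extracted_config(raw: str) -> dict:
    """Turn the line-broken 'Key: value - Key: value' text into a dict.

    The first line is the family name when it carries no colon. Port is
    converted to int; every other value is kept verbatim.
    """
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    cfg = {}
    if lines and ":" not in lines[0]:
        cfg["family"] = lines.pop(0).lower()
    flat = " ".join(lines)
    for key, value in _KV_RE.findall(flat):
        cfg[key.lower()] = value
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def indicators(cfg: dict) -> dict:
    """Network indicators to hunt on. The password is left out on purpose:
    it belongs to the attacker's mailbox and is not needed for detection."""
    return {
        "smtp_host": cfg["host"].lower(),
        "smtp_port": cfg["port"],
        "smtp_user": cfg["username"].lower(),
    }


def flag_smtp_sessions(cfg: dict, sessions: list) -> list:
    """Return uids of SMTP sessions whose sender or any recipient is the
    stealer's mailbox. The port is not required to match: the operator can
    move the same account to another submission port without touching the
    sample, so keying on the account is the more durable check."""
    user = indicators(cfg)["smtp_user"]
    hits = []
    for s in sessions:
        addrs = {s.get("mailfrom", "").lower()}
        addrs.update(r.lower() for r in s.get("rcptto", []))
        if user in addrs:
            hits.append(s["uid"])
    return hits


def flag_dns_queries(cfg: dict, queries: list) -> list:
    """Return uids of DNS queries for the SMTP host; resolution precedes the
    session, so this is usually the earliest network hit."""
    host = indicators(cfg)["smtp_host"]
    return [q["uid"] for q in queries if q["query"].lower().rstrip(".") == host]


# Constructed Zeek-style smtp.log / dns.log records (not from the report).
SAMPLE_SMTP = [
    {"uid": "CA1", "orig_h": "10.0.0.21", "resp_p": 587,
     "mailfrom": "limitless@botswlogistics.com",
     "rcptto": ["limitless@botswlogistics.com"]},
    {"uid": "CA2", "orig_h": "10.0.0.33", "resp_p": 587,
     "mailfrom": "alice@corp.example", "rcptto": ["bob@partner.example"]},
    # Same account, different port and mixed case: still the exfil mailbox.
    {"uid": "CA3", "orig_h": "10.0.0.40", "resp_p": 25,
     "mailfrom": "Limitless@BotswLogistics.com", "rcptto": ["drop@example.org"]},
]
SAMPLE_DNS = [
    {"uid": "CD1", "query": "smtp.botswlogistics.com"},
    {"uid": "CD2", "query": "mail.corp.example"},
]

if __name__ == "__main__":
    cfg = parse_extracted_config(RAW_CONFIG)
    print("config:", {k: v for k, v in cfg.items() if k != "password"})
    print("smtp hits:", flag_smtp_sessions(cfg, SAMPLE_SMTP))
    print("dns hits:", flag_dns_queries(cfg, SAMPLE_DNS))
```

Matching on the mailbox rather than on host and port together is a deliberate choice: the account is what the stealer authenticates as, and a rule that also requires port 587 would miss the same account reused over port 25 or 465.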
Targets
Target: INV_swift_copy_HSB03102022000000000000000PDF.exe
The name ends in PDF.exe: a double-extension lure that displays as a PDF when Windows hides known file extensions, paired with an invoice/SWIFT-copy theme typical of the phishing that delivers this family.
AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. It exfiltrates over SMTP, FTP or HTTP; this sample is configured for the SMTP mode shown in the extracted config.
AgentTesla payload: the Agent Tesla stealer itself was identified in memory or on disk.
Accesses Microsoft Outlook profiles: the stealer reads the Outlook profile registry data where stored mail-account credentials live, one of the credential sources it harvests.
Suspicious use of SetThreadContext: setting the thread context of another process is the redirect step of process hollowing, where an injector points a suspended target's thread at code it has written into that process; it indicates the loader injected the payload into a host process rather than running it directly.
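The report lists the signature name only and does not say which calls it keyed on. The following added Python example (not the sandbox's own signature logic) shows the check a detection engineer would write for the usual reason this signature fires: the process-hollowing sequence of a process created with CREATE_SUSPENDED, written to from outside, redirected with SetThreadContext and then resumed. The API trace format, pids and the target executable path are constructed placeholders; real sandboxes log the same steps under their own field names.

```python
"""Detect the process-hollowing call sequence behind a 'Suspicious use of
SetThreadContext' verdict in a sandbox API trace.

Added example, not the sandbox's signature. The trace records below are
constructed; the executable path is a placeholder, not taken from the report.
Each record already carries the pid the handle resolved to (an assumption
about the trace format).
"""
CREATE_SUSPENDED = 0x00000004

# Ordered steps that, for one (injector pid, target pid) pair, make up
# hollowing. Other calls in between (NtUnmapViewOfSection, VirtualAllocEx)
# are allowed but not required.
HOLLOWING_STEPS = ("CreateProcess", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread")


def find_hollowing(trace: list) -> list:
    """Return (injector_pid, target_pid) pairs that complete HOLLOWING_STEPS
    in order. Only a CreateProcess with CREATE_SUSPENDED opens a sequence, so
    a normal child launch never contributes."""
    progress = {}   # (injector, target) -> index of the next expected step
    complete = []
    for call in sorted(trace, key=lambda c: c["seq"]):
        api = call["api"]
        if api == "CreateProcess":
            if call["args"].get("flags", 0) & CREATE_SUSPENDED:
                progress[(call["pid"], call["ret"]["pid"])] = 1
            continue
        key = (call["pid"], call["args"].get("target_pid"))
        if key in progress and HOLLOWING_STEPS[progress[key]] == api:
            progress[key] += 1
            if progress[key] == len(HOLLOWING_STEPS):
                complete.append(key)
                del progress[key]
    return complete


def cross_process_setthreadcontext(trace: list) -> list:
    """Weaker check that mirrors the signature name: any SetThreadContext
    aimed at a thread of a different process. Fires earlier than the full
    sequence but also on debuggers and some legitimate injectors."""
    return [(c["pid"], c["args"]["target_pid"])
            for c in sorted(trace, key=lambda c: c["seq"])
            if c["api"] == "SetThreadContext"
            and c["args"].get("target_pid") != c["pid"]]


# Constructed trace: one hollowing sequence plus two benign look-alikes.
HOST_EXE = r"C:\placeholder\host.exe"   # placeholder, not from the report
SAMPLE_TRACE = [
    {"seq": 1, "pid": 4100, "api": "CreateProcess",
     "args": {"path": HOST_EXE, "flags": CREATE_SUSPENDED}, "ret": {"pid": 4212}},
    {"seq": 2, "pid": 4100, "api": "NtUnmapViewOfSection", "args": {"target_pid": 4212}},
    {"seq": 3, "pid": 4100, "api": "VirtualAllocEx", "args": {"target_pid": 4212}},
    {"seq": 4, "pid": 4100, "api": "WriteProcessMemory", "args": {"target_pid": 4212}},
    {"seq": 5, "pid": 4100, "api": "SetThreadContext", "args": {"target_pid": 4212}},
    {"seq": 6, "pid": 4100, "api": "ResumeThread", "args": {"target_pid": 4212}},
    # Benign: a process adjusting one of its own threads.
    {"seq": 7, "pid": 5000, "api": "SetThreadContext", "args": {"target_pid": 5000}},
    # Benign: ordinary child launch, not suspended.
    {"seq": 8, "pid": 5000, "api": "CreateProcess",
     "args": {"path": r"C:\Windows\System32\notepad.exe", "flags": 0}, "ret": {"pid": 5100}},
]

if __name__ == "__main__":
    print("hollowing:", find_hollowing(SAMPLE_TRACE))
    print("cross-process SetThreadContext:", cross_process_setthreadcontext(SAMPLE_TRACE))
```

The two functions are kept separate on purpose: the ordered sequence is what justifies a high-confidence verdict, while the single-call check is the cheap early indicator that a sandbox or EDR can raise before the injected process has resumed.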