General
Target: SWIFT copy.29112022.Pdf.exe
Size: 745KB
Sample: 221129-vypebsch5x
MD5: 5f400bae896422a69db460a4507fd657
SHA1: e90b7c431d34b39bef8492de7fb987f51c3fb804
SHA256: d5de496be1535d0b8d9c8f57087e9ae2a26aaf7c33c2ddca65b3231dc3b2460b
SHA512: 7e54192c570d2a7fe7700d69bd782173dfe41dc102afceffbda47207d4bfcb80783f7c70bf9666e287ccbcf413bf482aeb321fe559ba7b75ae43416b0feee643
SSDEEP: 12288:ZYn2P8Ai1FDasqS6/0kz0z63eR7J/ZmhOQQVvedp:qn20t1Ffl+0kzAttq62
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT copy.29112022.Pdf.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: SWIFT copy.29112022.Pdf.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.nutiribio.com
Port: 587
Username: humhum@nutiribio.com
Password: zGNVO(l5
Targets
Target: SWIFT copy.29112022.Pdf.exe
Size: 745KB
MD5: 5f400bae896422a69db460a4507fd657
SHA1: e90b7c431d34b39bef8492de7fb987f51c3fb804
SHA256: d5de496be1535d0b8d9c8f57087e9ae2a26aaf7c33c2ddca65b3231dc3b2460b
SHA512: 7e54192c570d2a7fe7700d69bd782173dfe41dc102afceffbda47207d4bfcb80783f7c70bf9666e287ccbcf413bf482aeb321fe559ba7b75ae43416b0feee643
SSDEEP: 12288:ZYn2P8Ai1FDasqS6/0kz0z63eR7J/ZmhOQQVvedp:qn20t1Ffl+0kzAttq62
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Suspicious use of SetThreadContext