General
- Target: Swift0002747775 MT103 000348586.chm
- Size: 15KB
- Sample: 221207-npfmhafh2v
- MD5: 0d9ab32a173a23705f26b33c9776a8dd
- SHA1: 6b06f0fa7411ac7b01807dd526508ed37facf4e2
- SHA256: 5326f9691f9a304973414ea552cf71c21bccdaaf3899661de4ad647ba16c91aa
- SHA512: 8d229a5af217e53a522880becb68680a325b5474683798a4812640dba8c4933ca718b1485d99aef9b31b3790914fe1024ccb05abd4a503e88af998e36a93c9bd
- SSDEEP: 192:L7aJtYxFm/3gPdpkEmg45HKGBWTY1/Qxl31:L7aJtYxFqgPjkx5HlBWk1/+31
Static task: static1
Behavioral task: behavioral1
- Sample: Swift0002747775 MT103 000348586.chm
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: Swift0002747775 MT103 000348586.chm
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- http://stpindo.co.id/ck12.txt
Extracted
- agenttesla
- Protocol: ftp
- Host: ftp://ftp.mgcpakistan.com
- Port: 21
- Username: [email protected]
- Password: boygirl123456
Targets
- Target: Swift0002747775 MT103 000348586.chm
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext