General
Target: YPT23_1503_7_Swift_Mesaji_20230331.exe
Size: 213KB
Sample: 230403-gm2zdsda98
MD5: 8219dd1ee25fb7be4d34e677d5fc3c83
SHA1: bca7ba7d05b2b82b9261a3b1e970180242d61868
SHA256: 77e992be1452e98850fd4c486ac9011559a9f42553fff1075f33bf2d80314a09
SHA512: eff593df20764c8b9d68b09ae9a7d9ff2c4fecba8f23a8b0e2a08126fe336d36eba09f9c087c1c44b34be355b174f86e49970c6cbaad6485fad59421cd24610c
SSDEEP: 6144:9fi+cTfTZE7rwisnvagMewwjv4OKCJezI:9fqfTZE7rwdnvagMewwLUCWI
Static task: static1
Behavioral task: behavioral1 (sample YPT23_1503_7_Swift_Mesaji_20230331.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample YPT23_1503_7_Swift_Mesaji_20230331.exe, resource win10v2004-20230220-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.redseatransportuae.com
Port: 587
Username: [email protected]
Password: method10@10
Email To: [email protected]
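The SMTP exfiltration configuration above is the most actionable artefact in this report. As an added example (not part of the sandbox output, and not Agent Tesla's own code), the Python below rebuilds the flattened "Key: value - Key:" block into a structure and turns it into a hunt over Zeek JSON logs: first a DNS lookup of the configured host, then any connection on the configured port to an address that lookup returned. The log records are constructed for the example, the `_path` tag follows the json-streaming-logs convention (an assumption; adjust to however your pipeline labels log types), the IP addresses are documentation-range placeholders, and the two mailbox addresses are carried through exactly as the report redacts them rather than guessed.

```python
"""Added example (not part of the sandbox report): turn the AgentTesla
SMTP configuration extracted above into hunting logic and run it over
constructed Zeek JSON records (dns.log and conn.log)."""
import json
import re
from typing import Iterable

# The configuration block exactly as the report prints it (flattened across
# lines). Both mailbox addresses are redacted on the page, so the placeholder
# is carried through unchanged rather than guessed.
RAW_CONFIG = """Protocol: smtp- Host:
mail.redseatransportuae.com - Port:
587 - Username:
[email protected] - Password:
method10@10 - Email To:
[email protected]"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")
_LABELS = "|".join(re.escape(f) for f in FIELDS)
# A value runs lazily up to an optional " - " separator that precedes the
# next label (or the end of the text).
_FIELD_RE = re.compile(
    rf"(?P<key>{_LABELS}):\s*(?P<val>.*?)\s*-?\s*(?=(?:{_LABELS}):|$)"
)


def parse_config(raw: str) -> dict:
    """Rebuild key/value pairs from the report's 'Key: value - Key:' layout."""
    flat = " ".join(raw.split())
    cfg = {m.group("key"): m.group("val") for m in _FIELD_RE.finditer(flat)}
    missing = [f for f in FIELDS if f not in cfg]
    if missing:
        raise ValueError(f"config is missing fields: {missing}")
    cfg["Port"] = int(cfg["Port"])
    return cfg


# Constructed Zeek-style JSON records, one per line, tagged with "_path" as
# the json-streaming-logs package does (assumption: your pipeline may label
# the log type differently). IPs are from documentation ranges.
SAMPLE_LOGS = [
    '{"_path":"dns","ts":1680500000.1,"id.orig_h":"10.1.2.30","query":"mail.redseatransportuae.com","qtype_name":"A","answers":["198.51.100.23"]}',
    '{"_path":"dns","ts":1680500000.2,"id.orig_h":"10.1.2.31","query":"smtp.office365.com","qtype_name":"A","answers":["203.0.113.9"]}',
    '{"_path":"conn","ts":1680500001.0,"uid":"CZx1","id.orig_h":"10.1.2.30","id.resp_h":"198.51.100.23","id.resp_p":587,"proto":"tcp","service":"smtp"}',
    '{"_path":"conn","ts":1680500002.0,"uid":"CZx2","id.orig_h":"10.1.2.31","id.resp_h":"203.0.113.9","id.resp_p":587,"proto":"tcp","service":"smtp"}',
    '{"_path":"conn","ts":1680500003.0,"uid":"CZx3","id.orig_h":"10.1.2.30","id.resp_h":"198.51.100.23","id.resp_p":443,"proto":"tcp","service":"ssl"}',
]


def hunt(cfg: dict, records: Iterable[str]) -> list:
    """Flag DNS lookups of the exfil host and connections on the configured
    port to any address that host resolved to. Feed records in time order
    (dns before conn) so the resolved addresses are known before the session."""
    host = cfg["Host"].lower()
    port = cfg["Port"]
    resolved = set()
    alerts = []
    for line in records:
        rec = json.loads(line)
        path = rec.get("_path")
        if path == "dns" and rec.get("query", "").lower() == host:
            resolved.update(rec.get("answers", []))
            alerts.append({"rule": "agenttesla_exfil_dns",
                           "src": rec["id.orig_h"], "detail": host})
        elif (path == "conn" and rec.get("id.resp_h") in resolved
              and rec.get("id.resp_p") == port):
            alerts.append({"rule": "agenttesla_exfil_smtp",
                           "src": rec["id.orig_h"],
                           "detail": f'{rec["id.resp_h"]}:{port} uid={rec["uid"]}'})
    return alerts


if __name__ == "__main__":
    config = parse_config(RAW_CONFIG)
    for alert in hunt(config, SAMPLE_LOGS):
        print(alert)
```

Run stand-alone, this prints two alerts for host 10.1.2.30: the DNS query for the exfil server and the port-587 session that followed it. Port 587 on its own is ordinary mail submission traffic, which is why the rule keys on the address the configured hostname resolved to rather than on the port alone; once the real mailbox addresses are known, a second rule matching smtp.log `mailfrom`/`rcptto` against the Username and Email To fields is the natural addition.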
Targets
Target: YPT23_1503_7_Swift_Mesaji_20230331.exe
Size: 213KB
MD5: 8219dd1ee25fb7be4d34e677d5fc3c83
SHA1: bca7ba7d05b2b82b9261a3b1e970180242d61868
SHA256: 77e992be1452e98850fd4c486ac9011559a9f42553fff1075f33bf2d80314a09
SHA512: eff593df20764c8b9d68b09ae9a7d9ff2c4fecba8f23a8b0e2a08126fe336d36eba09f9c087c1c44b34be355b174f86e49970c6cbaad6485fad59421cd24610c
SSDEEP: 6144:9fi+cTfTZE7rwisnvagMewwjv4OKCJezI:9fqfTZE7rwdnvagMewwLUCWI
-
AgentTesla
Agent Tesla is a .NET-based information stealer and keylogger, commonly classed as a remote access tool (RAT). It harvests saved credentials from browsers, mail clients and other applications and exfiltrates them over SMTP, FTP or HTTP (newer builds also support Telegram); the configuration extracted from this sample uses SMTP to the mailbox listed above.
-
Accesses Microsoft Outlook profiles
Reads Outlook profile settings from the user's registry hive to recover saved mail account credentials.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer includes in its reports.
-
Suspicious use of SetThreadContext
Rewriting another thread's context is the step in process hollowing (RunPE) where a suspended process's entry point is redirected to an injected payload, so the final stealer runs inside a process other than the dropped executable.