General
-
Target
SWIFT.pdf.exe
-
Size
538KB
-
Sample
230920-sajstsgh8y
-
MD5
4b16c4589ce3211b6f45051b5fb422b0
-
SHA1
2b60d36184571a1bc35c335ab8941c2bdc7f02b2
-
SHA256
ac04f04d01ae5428a8017be37d7d1352ad3212852c259d1a0e2f775969ecc36c
-
SHA512
38796bb1952559726ed4f47344962fa8dd7b051b12266f9dbfc149b5262f99f24803416ef7986577021b96bc118b39d05c95be9830b1f29ffb23c33c751b5526
-
SSDEEP
6144:Jf4NOk8oV/BR1z/8XIppg4P/l27t9mrvlRlOYADKgt5Q1OW4kXQAN2Tr3+oUSWXh:hi+9m7H2RqF4kXQf7WX42Yu26NCc6P
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.expertsconsultgh.co - Port:
587 - Username:
[email protected] - Password:
Oppong.2012 - Email To:
[email protected]
Targets
-
-
Target
SWIFT.pdf.exe
-
Size
538KB
-
MD5
4b16c4589ce3211b6f45051b5fb422b0
-
SHA1
2b60d36184571a1bc35c335ab8941c2bdc7f02b2
-
SHA256
ac04f04d01ae5428a8017be37d7d1352ad3212852c259d1a0e2f775969ecc36c
-
SHA512
38796bb1952559726ed4f47344962fa8dd7b051b12266f9dbfc149b5262f99f24803416ef7986577021b96bc118b39d05c95be9830b1f29ffb23c33c751b5526
-
SSDEEP
6144:Jf4NOk8oV/BR1z/8XIppg4P/l27t9mrvlRlOYADKgt5Q1OW4kXQAN2Tr3+oUSWXh:hi+9m7H2RqF4kXQf7WX42Yu26NCc6P
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-