General
Target: CBDPOFAEDSWIFTREF8290019999210000082881914822PDF.exe
Size: 3.5MB
Sample: 231203-tvn4qada71
MD5: 996e8a56754289b12368c9241074ae5e
SHA1: 776be5998df180449446f656548b586c04e4576a
SHA256: 1d8e06ad54176ef3faa63ff7f9cc4f6309d0f90ac75d9379308a36b85e6c4955
SHA512: a8190cdff462125b33716761d08359918397f3abad5cc3d08d3177f823f7ada68f1399d53bdb96d8e188cfbe23bfbc8793b997b2c18f3d04252c1be8f590dcd8
SSDEEP: 49152:q05SIbcRH7CT+crs48aWjE/gF/NmkK+c3XSMkbhe:bRC/vg
Static task: static1
Behavioral task: behavioral1
Sample: CBDPOFAEDSWIFTREF8290019999210000082881914822PDF.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: CBDPOFAEDSWIFTREF8290019999210000082881914822PDF.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6899220110:AAEhS6HDsWPgi27wKN8gxlKUKVJ8RH74u0w/
Targets
Target: CBDPOFAEDSWIFTREF8290019999210000082881914822PDF.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext