General
Target: 9903e7014b5dd817c31abfed92c9e4dab93705c0f517bebefa50109a056389ca
Size: 702KB
Sample: 231206-dk2dasae96
MD5: 929a7b2981a66b9bebeb406585eac78d
SHA1: 6a566b3402253b91ecede7dbc15f6e2e4e026fa1
SHA256: 9903e7014b5dd817c31abfed92c9e4dab93705c0f517bebefa50109a056389ca
SHA512: d1ce86a12c083fcc844a216a013b7d9d743d89ef35c9a2ade0b53bf2bcecbe27c1400da7d026179950d9edebd7183e452ad65258b55d09b7f088f2a30c65503d
SSDEEP: 12288:pUbb0q2i+jNRJjuuS6y8tYfTAzgEODYH+Kc7mrNaVsuG6rxd71wWSlssr7p2fl:mbIq1sNRJjDS6Sf+KMepkNasY1dhullm
Static task: static1
Behavioral task: behavioral1
  Sample: SMT_PMT_SWIFT.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: SMT_PMT_SWIFT.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6774056184:AAGNRsfh8TKtp3v_QDZCQW1e8ODSvVaHvMo/
Targets
Target: SMT_PMT_SWIFT.exe
Size: 820KB
MD5: e1eb6a93f5b33ba65a052a6de047af05
SHA1: 46b112ed5b75224f44707967ccebf15e99845be3
SHA256: ef1fbaf09a00979fb3c25debeebe53c2ff844f11d817d5d925c634666c5657ac
SHA512: abdce0bb8ddf97e68e5d93d6e6cd5feb98658f9c2020a2677c83dd6777ba6d49d81b30f243348bdaa2f84da21636cfbfe8c54a069829b67ecfe3fea787a191bd
SSDEEP: 12288:OLKE6jD/62iNG5nF8TUEo0g+OVY38KclmzNsvsuG6rxN71wQw4VvFXHUQ853:OLKtD/61I6vSGsp8Nqs81NhE45NS5
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext