General
Target: CBD POF USD SWIFT REF 82900199992100000828819147822-PDF.exe
Size: 3.5MB
Sample: 231212-q8dncsfeh8
MD5: f017bb99e5427574e9acc862cc685995
SHA1: a7186e398a91c3db3f79bcfb834e41d9558fcc82
SHA256: 6016538c02f6ddd5e06a392986e79c9f219b28485dd8cef5c3864d7aebf773b1
SHA512: b5e9f4ab3d412e16ce587e6c56a4aa64bb984b84ad5d53f16f471368cc41dd73c7172beb1700969421496fd0539b7fa8a4c29d916330e00cbde1e7d4b682d04c
SSDEEP: 49152:uk3d4Ss6/6rR2Ug+cKYYW6ggFmX7IILowNFgKj9rw:PW4U4aMCGr
Static task: static1
Behavioral task: behavioral1
Sample: CBD POF USD SWIFT REF 82900199992100000828819147822-PDF.exe
Resource: win10-20231020-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6348230851:AAHvC-M1EJAOlhyLClppv8SeNpMulHQIavc/
Targets
Target: CBD POF USD SWIFT REF 82900199992100000828819147822-PDF.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext