General
Target: Payment Swift.doc
Size: 136KB
Sample: 240426-kk2gmach5x
MD5: 67fea5000046ad95ddf9707506002eaa
SHA1: b41f04ef65206c9f0305cc0b124dc9a58f1fe0aa
SHA256: b8fa7245705f07d10b2f028be43ba688ca78ddc224665a2da85d529c124725b1
SHA512: d829fd14378d1ed8a1a056c2a0d0aaf5989dffad2fc1311874a3ec4b7228ca009945b9e74889761e7e1c35f06dcd335758c7b7456c467a0544f21eb1c1ee1f3f
SSDEEP: 768:owAbZSibMX9gRWjtwAbZSibMX9gRWjtwAbZSibMX9gRWjJeHe6wUm/IqLUV0/s7B:owAlRkwAlRkwAlRIeHON7LUbTtP
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Swift.rtf
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: Payment Swift.rtf
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: micromeqbd@gmail.com
Password: tssveohxktcpzhdm
Email To: micromeqbd@gmail.com
Targets
Target: Payment Swift.doc
Size: 136KB
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext