General
Target: 37026e88e56959d8527bdd29807cfd96a0d53a595b8f9d4072c6ae814d9c8634
Size: 689KB
Sample: 240612-cmgw1aydrc
MD5: 5a6cbea0c2b49e6963c14d793bd16dfe
SHA1: f71e52e2ba29b977e45e8efd3b766ac85de8b8c3
SHA256: 37026e88e56959d8527bdd29807cfd96a0d53a595b8f9d4072c6ae814d9c8634
SHA512: 3ca31603b4decd8e89df4c78974bb3aa94d161c14bdd99aada65aa1a1ef6cb058398dfe4edb9865dd7f4576c29b0d7ae163723bea9616fb3cfcabffbad4a85f8
SSDEEP: 12288:gEOBm8W5lHiIO4zIk66TFPlxVlZvfJeFl7BMCcjXheC6iikzUE8li1CwfiNNOmv:gEXVpx9PLXoDdKjXheBP6gRwqNNOU
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Swift.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: Payment Swift.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.destinationtoplan.com
  Port: 587
  Username: [email protected]
  Password: Alora..333
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.destinationtoplan.com
  Port: 587
  Username: [email protected]
  Password: Alora..333
Targets
Target: Payment Swift.exe
Size: 712KB
MD5: d1022b868084f1b66bfa7886d99beb6a
SHA1: 260ea9ea5fc5169f4e0c4801cf1bbb8f1b77c2d2
SHA256: ae56de5b8d4d89c0644b5dca19f74228561188657b2c6b034837c6c51572ff8a
SHA512: 6b59f5edcf84ce66f40e26fc8bba0f913ca2a21b909fa55e6071bfe0342b42b5f75a1e89c87b8178979f8cb39be253272b3959154af8ba12a8ece63d5f782620
SSDEEP: 12288:LaCR5leZlN2EwXWoS+fTRzbiuaGvIAs7BMCqjXfaCmiikzaG8liSeXgj3HRYojzN:G+ergZWo31G/JdEjXfa/P6unLHh/F
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext