General
Target: 03102024_0525_01102024_30% SWIFT COPY DOWN PAYMENT-PDF.zip
Size: 648KB
Sample: 241003-f4edzswhnj
MD5: 786068f93a04d089128def9cab0c940a
SHA1: bef99812ac0baa7b9b6b953a9e7769db81b7fb7c
SHA256: 096f99764fd154c2df89bd31b871a3e59d0b8f535b12c32d12dfb131e07934e8
SHA512: 9ce640f9bdacf17922a1ea341864456bf45585332d41acd6dae4a1d44607c5d2c9be515028af2d32b9bd0a2576fca89584e6ddb9ac19aff1edce45e1fdeafa78
SSDEEP: 12288:/c+qMr1KH1xt/apLLD70ZrGjUBavZI8vlvil3qzz566IQA12xCEEvVZpM9/r5:mOwJ/ODyrG+avZnPwNQA12xfsVZW/V
Static task: static1
Behavioral task: behavioral1
Sample: 30% SWIFT COPY DOWN PAYMENT-PDF.exe
Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.zqamcx.com
Port: 587
Username: [email protected]
Password: Methodman991
Email To: [email protected]
Targets
Target: 30% SWIFT COPY DOWN PAYMENT-PDF.exe
Size: 1.0MB
MD5: 66110becc4f6d2fb92e1de3e628f5dce
SHA1: 0a05265eea556d81f46173242b760ce2e7b99faa
SHA256: 7fd0b00c630f29f370623f698cb81c67960f1e7c8b6954c1a5c451fd5e1a4d06
SHA512: db1b062d29e243cde4b8c1df9696cf0e79b90b9119e2f1b8d03d91976a99de8bb510057e59d62d44ac29275303c6aa2a2a32296a843749d7a400843de7cf6241
SSDEEP: 24576:uCdxte/80jYLT3U1jfsWafjLKNCA1WxNs3ZW/baQ:nw80cTsjkWafjeNH1WxNs3i
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext