General
Target: C0R102378T17957808.eml
Size: 1.0MB
Sample: 241021-qvc5nsxelj
MD5: 9039d50502d931fb1dfc72173ba9916a
SHA1: f3b7b07992207032b89fb4eca7069667c1b44b45
SHA256: 8b190d14eebd681565195bf1b3200da016e0278503441034bd92346a9051b6b1
SHA512: 18c70863063d9822b60f987c4a30c122395fe0b92954b5956840d26db6cdd2cdc2027c4b12368800ec4a5743936bd236a97f00ddf649426e97f9fcab21934d55
SSDEEP: 24576:gdpTRPz7vb5JxfvdJRDdpTR8AEPgXcg+zqYlpNsSTDhwqfS0hnlJYG9f9v/4L:I5cgi1wySmnbYGLv6
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT 2006799120024.xlam
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: SWIFT 2006799120024.xlam
Resource: win10v2004-20241007-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.worlorderbillions.top
Port: 587
Username: [email protected]
Password: 3^?r?mtxk(kt
Email To: [email protected]
Targets
Target: SWIFT 2006799120024.xlam
Size: 768KB
MD5: a41ca3369657198fb4cc1da3ca8c2f76
SHA1: 57619d04d478f1acd94ace7c82d135ff4e7693fd
SHA256: 7faca0e3d5dbcec15d1209d157bbfb22763d9885da5aa21604e31d8c439717c5
SHA512: 1bb060314da6d75db06320c9b1a235c45adb492f2bff4a5727905e1a1b8c07fa09c6548bcb17584fd36ddec674628398bb6e4e18458913cc23fa49cba38526f4
SSDEEP: 24576:b7zEkcAKb7PW0l20GXZJJFjWoX2HGKVDu:bXEkcAq7WalSFjFX2HHC
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext