General
Target: 30% Scan SWIFT 09557875678.exe
Size: 1.3MB
Sample: 200624-3f2a89bvq6
MD5: da134199e42f088378988aa5b643de1c
SHA1: 07fb70e736ee851969e4bcadd5ba782b76d63229
SHA256: 8f32b214dfe7dca133c2c100d46aae307ae1436a2b4afa27f261cb51c7ae262a
SHA512: ae5654d2d81e959b90524e6076f845c0f73a8d9d83a8f50de354842e39f00265e0b6b6296ca7b8bb55a46eab90dadfd4935457d34817a40ac9701716f64dca85
Static task: static1
Behavioral task: behavioral1 (sample: 30% Scan SWIFT 09557875678.exe, resource: win7v200430)
Behavioral task: behavioral2 (sample: 30% Scan SWIFT 09557875678.exe, resource: win10)
Malware Config
Extracted
Protocol: smtp
Host: smtp.pharco--corp.com
Port: 587
Username: saleh.mohamed@pharco--corp.com
Password: (UxyAlp7
These are the credentials the sample itself uses to send harvested data to the operator's mailbox over SMTP submission (port 587), not credentials of the victim; the host, port and account are the network indicators to block or alert on.
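The extracted configuration and the file hashes above are the indicators a responder would turn into a check. The following script is an added example, not part of the sandbox report or of any vendor tooling: it compares a file's digests with the hashes listed under General and scans Zeek dns.log and smtp.log records (JSON output form) for the exfiltration server, the stolen sender account and the submission port from the Malware Config section. The log records embedded in the block are constructed for the example, with documentation-range IP addresses (RFC 5737); only the Zeek field names id.orig_h, id.resp_h, id.resp_p, mailfrom, query and answers are assumed.

```python
"""IOC matching for the sample described in this report.

Added example (not part of the sandbox report). File hashes come from the
General section, the SMTP exfiltration settings from Malware Config. The
dns.log / smtp.log records below are constructed for this example; field
names follow Zeek's JSON log output and the IP addresses are RFC 5737
documentation ranges, not real infrastructure.
"""
import hashlib
import json

# Indicators taken from the report (General and Malware Config sections).
SAMPLE_HASHES = {
    "md5": "da134199e42f088378988aa5b643de1c",
    "sha1": "07fb70e736ee851969e4bcadd5ba782b76d63229",
    "sha256": "8f32b214dfe7dca133c2c100d46aae307ae1436a2b4afa27f261cb51c7ae262a",
}
EXFIL = {
    "host": "smtp.pharco--corp.com",
    "port": 587,
    "username": "saleh.mohamed@pharco--corp.com",
}

# Constructed sample logs: host 10.0.0.25 resolves the exfil server and then
# submits mail as the stolen account; host 10.0.0.31 is ordinary mail traffic.
DNS_LOG = [
    '{"ts": 1592913600.1, "id.orig_h": "10.0.0.25", "query": "smtp.pharco--corp.com", "answers": ["203.0.113.10"]}',
    '{"ts": 1592913601.0, "id.orig_h": "10.0.0.31", "query": "mail.example.net", "answers": ["198.51.100.7"]}',
]
SMTP_LOG = [
    '{"ts": 1592913602.5, "id.orig_h": "10.0.0.25", "id.resp_h": "203.0.113.10", "id.resp_p": 587, "mailfrom": "<saleh.mohamed@pharco--corp.com>"}',
    '{"ts": 1592913650.0, "id.orig_h": "10.0.0.31", "id.resp_h": "198.51.100.7", "id.resp_p": 587, "mailfrom": "<alerts@example.net>"}',
]


def hash_bytes(data):
    """MD5, SHA-1 and SHA-256 of a byte string, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Same digests for a file on disk, computed in one streaming pass."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(digests):
    """True only if every digest the report lists agrees; a missing or differing one rejects."""
    return all(digests.get(name) == value for name, value in SAMPLE_HASHES.items())


def resolved_ips(dns_lines):
    """IPs any host resolved for the exfil SMTP server (the pivot into smtp.log)."""
    ips = set()
    for line in dns_lines:
        rec = json.loads(line)
        if rec.get("query", "").lower().rstrip(".") == EXFIL["host"]:
            ips.update(rec.get("answers", []))
    return ips


def find_exfil(dns_lines, smtp_lines):
    """Flag SMTP sessions that use the exfil server or the stolen sender account.

    Port 587 alone is legitimate mail submission, so it only adds weight to a
    session that already matched the server IP or the configured username.
    """
    c2_ips = resolved_ips(dns_lines)
    alerts = []
    for line in smtp_lines:
        rec = json.loads(line)
        reasons = []
        if rec.get("id.resp_h") in c2_ips:
            reasons.append("server IP resolved from %s" % EXFIL["host"])
        if (rec.get("mailfrom") or "").strip("<>").lower() == EXFIL["username"]:
            reasons.append("MAIL FROM is the account from the extracted config")
        if reasons and rec.get("id.resp_p") == EXFIL["port"]:
            reasons.append("submission port %d matches the config" % EXFIL["port"])
        if reasons:
            alerts.append({"ts": rec["ts"], "src": rec["id.orig_h"],
                           "dst": rec["id.resp_h"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_exfil(DNS_LOG, SMTP_LOG):
        print(json.dumps(alert))
```

Run as a script it prints one alert for 10.0.0.25 with three reasons; the second session on port 587 is not flagged because neither the server IP nor the sender matches. Pivoting through dns.log rather than matching the hostname in smtp.log is deliberate: smtp.log records the peer IP, and the sample connects by name, so the resolution is the only place the configured host appears.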
Targets
Target: 30% Scan SWIFT 09557875678.exe
Size: 1.3MB
MD5/SHA1/SHA256/SHA512: as listed under General above
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); early builds were written in Visual Basic .NET. It harvests stored credentials from browsers, email clients and FTP clients and exfiltrates them, in this sample over SMTP using the configuration extracted above.
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext: a typical building block of process hollowing and other thread-hijacking injection, so the unpacked payload may run inside a process other than the one that was scanned; memory of the target process, not only the dropped file, needs to be examined.