General
Target: PES50526 SWIFT.exe
Size: 414KB
Sample: 200630-kf3pqq3zka
MD5: 0123087ef373a1b38b6aca84f7c3963d
SHA1: e5c0e04732143122f96e30b7de0e9a31abe4cb1e
SHA256: 09201fd4fd289b123e518e541812345e816181a9cdeaecd1758bb337b807f881
SHA512: 8804bab7c75eefd9a88ba19ead2e2b82815216505aa72151345d256dadd49f75eeadc5f619e84194309950f5ed07493e114245a88b1600f0cf7cb7c64d214175
Static task: static1
Behavioral task: behavioral1 (sample: PES50526 SWIFT.exe, resource: win7v200430)
Behavioral task: behavioral2 (sample: PES50526 SWIFT.exe, resource: win10)
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: ikpc1@yandex.com
Password: ikechukwu112
Targets
Target: PES50526 SWIFT.exe (414KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients: Email clients store some user data on disk where infostealers will often target it.
Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext