General

Target: SWIFT.exe
Size: 527KB
Sample: 210408-7aylsyf7xa
MD5: 10147d04f23eb0e97f535f432988ee6f
SHA1: 3ed18b8b0238ae1d80b75b1622c1050fa3823870
SHA256: a2d57fd326d83d00c7aa270df2145c200205a5e94637948db042a0ac20239389
SHA512: b6e1f09b715cd6b4db9df25a2c0b6afcb8579219b2769fe86c2c97da9b57031c51f2eefd819912808475d1a20848d5c348f974e7233967a0371e18ea73204331
Static task: static1

Behavioral task: behavioral1
Sample: SWIFT.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: SWIFT.exe
Resource: win10v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: result.package@yandex.ru
Password: Blessing123
Targets

Target: SWIFT.exe
Size: 527KB
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext