General
-
Target
SWIFT_ADVICE.exe
-
Size
672KB
-
Sample
211202-lbcbtadhdm
-
MD5
5dcc94e34045484495dcc1bc6f1c6921
-
SHA1
a590f9f5ff0bcbbbc768d329ab3395bcf12f4e63
-
SHA256
06ab16b86393e1eafa3f3b3c0c3a67804135b8cc9332d932a019ad98468191cb
-
SHA512
ba75c9ddae7a16abed772eb22c59f23de86a7858a2000d8fccd894cfd8e2b10e4ac36f92793c383af356346b7ec79a0b05f1e700abc80afdd6182f253ae7d488
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT_ADVICE.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
SWIFT_ADVICE.exe
Resource
win10-en-20211104
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1649974165:AAEw6GzBFS7fcRG392_tbbCihTBzve7azV0/sendDocument
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-