General
-
Target
43902d92de711c8ffc6f82e1895e88f39e1f0997c0cd5906bb9b63b2aece4d46
-
Size
376KB
-
Sample
220206-3nsyrschaq
-
MD5
60af0e6592f06f88fe8aa0d039eb6e29
-
SHA1
a327b58738b5cf0159533c44cb71ff120fdc5854
-
SHA256
43902d92de711c8ffc6f82e1895e88f39e1f0997c0cd5906bb9b63b2aece4d46
-
SHA512
ad2efab96e26d07b7296a8f5f0823d680116453bae85d05b311ea307b9017f58385499295bfcbf4f0386c7f9972fe7172bd374d13427c97b9e2f6638312e65f4
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT_76353.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
SWIFT_76353.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: nVNnX!S0
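The extracted config is the actionable part of this report: the sample exfiltrates over SMTP submission (port 587) to a fixed mail host with hard-coded credentials. The following Python, added here as an example and not part of the sandbox's own tooling, parses that block into a typed record and hunts for the indicators in Sysmon Event ID 3 style network-connection events. The log lines and the allow-list of legitimate mail clients are constructed assumptions, and the username is kept exactly as the page shows it (redacted).

```python
"""Turn the SMTP exfiltration config extracted from an AgentTesla sample into
indicators and hunt for them in network-connection logs.

Added example; the event lines below are constructed, not from the sandbox run.
"""
import re
from dataclasses import dataclass

# The values as rendered in this report's "Malware Config / Extracted" block.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: nVNnX!S0
"""

# Processes expected to talk SMTP on the submission port. Assumed allow-list;
# anything else using port 587 is worth a look.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse 'Key: value' lines of the extracted config into a typed record."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Sysmon Event ID 3 fields flattened to one line per event (constructed; the
# mail host in the first line is the one from the extracted config).
SAMPLE_EVENTS = [
    r"Image=C:\Users\bob\AppData\Roaming\SWIFT_76353.exe DestinationHostname=us2.smtp.mailhostbox.com DestinationIp=203.0.113.10 DestinationPort=587",
    r"Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE DestinationHostname=smtp.office365.com DestinationIp=203.0.113.20 DestinationPort=587",
    r"Image=C:\Windows\System32\svchost.exe DestinationHostname=ctldl.windowsupdate.com DestinationIp=203.0.113.30 DestinationPort=80",
    r"Image=C:\Users\bob\Downloads\invoice.exe DestinationHostname= DestinationIp=198.51.100.7 DestinationPort=587",
]

# key=value pairs where a value may contain spaces (e.g. "Program Files");
# a value ends at the next " Key=" token or at end of line.
_KV = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line: str) -> dict:
    """Split a flattened Sysmon line into its fields."""
    return dict(_KV.findall(line))


def hunt(events, cfg: SmtpExfilConfig):
    """Return (event, reason) pairs for connections to the extracted mail host,
    or for SMTP submission from a process that is not a known mail client."""
    findings = []
    for line in events:
        ev = parse_event(line)
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort") or 0)
        if host == cfg.host:
            findings.append((line, f"connection to extracted exfil mail host {cfg.host}"))
        elif port == cfg.port and image not in MAIL_CLIENTS:
            findings.append((line, f"SMTP submission on port {port} from non-mail-client {image}"))
    return findings


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for event, reason in hunt(SAMPLE_EVENTS, cfg):
        print(f"[!] {reason}\n    {event}")
```

The second rule deliberately does not depend on the host name: AgentTesla builds are sold with whatever SMTP account the operator configures, so a hunt keyed only on `us2.smtp.mailhostbox.com` catches this build and nothing else, while "port 587 from a process that is not a mail client" generalises to the next sample. The credentials themselves should go to the provider as abuse evidence rather than into detection content.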
Targets
-
Target
SWIFT_76353.exe
-
Size
315KB
-
MD5
d3bc29cf09e1a64461a29ac2fab29aef
-
SHA1
f23f0dca5dec04e538246c69ee6635f0e0c62591
-
SHA256
94cea10956f43a889c8714c742cb10e57b44919a05c2c4703d3111acc5d6aafc
-
SHA512
7f9084aa1fd382f615a949504d4ce15f53e0d10af5c779b2252ffcadc83ff0d4dc613b8f38eafd0a932aee4db881d83b91b7c667c9348ef6f16fae050acf55d6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic; this sample's extracted config shows it exfiltrating over SMTP.
-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is a file infector: it writes its own code into other executables on the host so that it spreads with them and damages the infected files.
-
AgentTesla Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely to geofence execution.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-