General
Target: de89038a3b6101c71b7a51be6874e00caa10bd0492d89605fc24e659e3e514f9
Size: 688KB
Sample: 220520-17pz4shhgp
MD5: e6fecda36c789e86f44b9101f1af6462
SHA1: d29ef242d7d17d8fa407cd7f36e363687044b5f4
SHA256: de89038a3b6101c71b7a51be6874e00caa10bd0492d89605fc24e659e3e514f9
SHA512: a4cc45245f03d49d7990bf1a892e36e9d134119c30d671f167a1c45eff028d1057592140f2904b4252f020ca61d195ba339ac8cf6d2cc263bac03bcbee2b25ab
Static task: static1
Behavioral task: behavioral1
Sample: Swift Forms.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Swift Forms.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.northwestpowdercoating.co.uk
Port: 587
Username: [email protected]
Password: C^0z.^LxykTW
Targets
Target: Swift Forms.pdf
Size: 711KB
MD5: 62dfb7e19a35ec596d9fd64c8664ced3
SHA1: f74090a0eed885f4961733fb1126896a2f54b055
SHA256: 832962d7bc1997a05b9ace55a18092ae7fb97cd3e75bcb30946a31e4f0bc5feb
SHA512: 0def3fcd530f66613a0fa6e7ca84516ced45f73648072cc533aae01c4fe4f07cad9488b849b80246f2ef20d715fbca259aef6970c057fe2e1b7032dce1028520
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext