General

  • Target

    38caea06aafa2ede5b93eded85dbc68b29ee07a52ca9a74753c93798ffee7f36

  • Size

    1.2MB

  • Sample

    220520-2zh29sbcbl

  • MD5

    46a9ee569abd9b130184cbbfe21df51e

  • SHA1

    e6198ba0e24640c9edb266a5c59627595a8fd900

  • SHA256

    38caea06aafa2ede5b93eded85dbc68b29ee07a52ca9a74753c93798ffee7f36

  • SHA512

    411656e7bdb37713e570af073bc897f5052aaff63794910b11c86adee78b9317759d998b661f9910f939d2e423e3abaf1a877fceada2950ccae16630a58a24d9

Malware Config

Targets

    • Target

      SWIFT_.EXE

    • Size

      674KB

    • MD5

      b17ee9da06e1caba6f10a2d78a2e67ac

    • SHA1

      a796b26a116a21215365b039897453f6d35be92b

    • SHA256

      35fa60d8b708fae98b47e98ecc25ecfc7ad51740fc69c7b57f989fe4fd1022d3

    • SHA512

      e728b12865422337101e7cce3a601f6ef41f11d787430fe14901d53794dc941fcd8b3da0fc0604c2b702dab796fa34c5ed22fbc7315a7971e7d32dcec8de4ff6

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks