General
Target: 9189d9d13ec6f7310211d7ddfa829a4d7e854ab62ee39ea6db7f993714fa561e
Size: 478KB
Sample: 220520-3b92hsbegr
MD5: b8652d98f0b6c907cddbf4cab5646134
SHA1: 57366620e4e53db95d5a7d6d2121470e351e5060
SHA256: 9189d9d13ec6f7310211d7ddfa829a4d7e854ab62ee39ea6db7f993714fa561e
SHA512: 8c58aab0406f40c40b1a048a52f8b4d9175419c4f78e5e54850658308472c143d6e956183245dbbb66a9a719b80b1a2e53ab6f66d8201026b0a7739e1d85883a
Static task: static1
Behavioral task: behavioral1
  Sample: Swift copy.xls.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Swift copy.xls.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.blc.com.np
Port: 587
Username: [email protected]
Password: bhuramal
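The extracted config above is the sample's exfiltration channel: harvested data goes out over SMTP submission (port 587) to mail.blc.com.np using the listed account. The following Python is an added example, not part of this report or of the sandbox's own tooling. It parses the config lines into a typed record and then runs a detection over constructed client-side SMTP transcripts (not captured traffic): a session is flagged on destination host and port, and when an AUTH LOGIN exchange is visible in the clear the base64 username is decoded and compared to the config as corroboration. The username is shown redacted on the page ("[email protected]") and is kept as that literal; the session dictionaries, the helper names and the sample transcripts are assumptions of the example.

```python
import base64
from dataclasses import dataclass

# Constructed copy of the config lines shown in this report. The username is
# displayed redacted on the page ("[email protected]"); that literal is kept
# as-is and treated as an opaque string.
CONFIG_TEXT = """Protocol: smtp
Host: mail.blc.com.np
Port: 587
Username: [email protected]
Password: bhuramal"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Turn the flattened 'Key: value' lines into a typed record."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if fields.get("protocol", "").lower() != "smtp":
        raise ValueError("expected an smtp config, got %r" % fields.get("protocol"))
    return SmtpExfilConfig(
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def decode_auth_login(client_lines):
    """Recover (user, password) from a cleartext SMTP AUTH LOGIN exchange.

    AUTH LOGIN sends the username and the password as two separate base64
    lines after the 'AUTH LOGIN' command. Returns None when no such exchange
    is visible, e.g. because the client issued STARTTLS first.
    """
    for i, line in enumerate(client_lines):
        if line.strip().upper() == "AUTH LOGIN" and i + 2 < len(client_lines):
            try:
                user = base64.b64decode(client_lines[i + 1].strip(), validate=True).decode()
                password = base64.b64decode(client_lines[i + 2].strip(), validate=True).decode()
            except ValueError:  # bad base64 or non-UTF-8 payload
                return None
            return user, password
    return None


def scan_sessions(config: SmtpExfilConfig, sessions):
    """Flag outbound SMTP sessions that match the extracted exfil config.

    Host and port alone are enough to flag: behind STARTTLS the credentials
    never appear on the wire, so requiring the AUTH exchange would miss the
    common case. A visible AUTH LOGIN username is compared as corroboration.
    """
    findings = []
    for session in sessions:
        if session["dst"].lower() != config.host or session["port"] != config.port:
            continue
        creds = decode_auth_login(session["client"])
        findings.append({
            "dst": session["dst"],
            "port": session["port"],
            "starttls": any(l.strip().upper() == "STARTTLS" for l in session["client"]),
            "auth_user": creds[0] if creds else None,
            "user_matches_config": bool(creds and creds[0] == config.username),
        })
    return findings


CONFIG = parse_config(CONFIG_TEXT)


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed client-side transcripts, not captured traffic.
SAMPLE_SESSIONS = [
    {   # exfil in the clear: host, port and decoded username all match
        "dst": "mail.blc.com.np", "port": 587,
        "client": ["EHLO DESKTOP-1", "AUTH LOGIN", _b64(CONFIG.username),
                   _b64(CONFIG.password), "MAIL FROM:<%s>" % CONFIG.username,
                   "DATA", "QUIT"],
    },
    {   # same destination behind STARTTLS: flagged on host:port alone
        "dst": "mail.blc.com.np", "port": 587,
        "client": ["EHLO DESKTOP-1", "STARTTLS"],
    },
    {   # unrelated mail session to another server: not flagged
        "dst": "smtp.example.org", "port": 587,
        "client": ["EHLO DESKTOP-1", "STARTTLS"],
    },
]


def demo():
    return scan_sessions(CONFIG, SAMPLE_SESSIONS)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Keying the rule on host and port rather than on the AUTH exchange is deliberate: a client that negotiates STARTTLS on 587 leaves only EHLO and STARTTLS in cleartext, so the decoded-credential check is a bonus when present, never a precondition. Blocking or sinkholing mail.blc.com.np:587 at the egress is the corresponding containment step.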
Targets
Target: Swift copy.xls.exe
Size: 705KB
MD5: 02b4cd91c80eb6395d1329beb9e20d15
SHA1: dd02b4a3c4e10fe21d4276e5d1e37eeb7ba38e3b
SHA256: 0ccd73a94d46ffb3f88ab74256197c9cb5e15d87f017b5752ee557985138c1b4
SHA512: c16e27c117447765148b7e9999d4b01a70fb59a9b1e70c607e7c350e3967b92d0361c508b00c8a56994af49a1aad03525e959abd677a1fd19b7605b24071d014
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic (.NET).

AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
Accesses Microsoft Outlook profiles (harvesting stored mail-client credentials)
Adds Run key to start application
Suspicious use of SetThreadContext: a common step in process hollowing / RunPE-style injection.
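Two of the behaviours listed above leave traces a host telemetry pipeline can key on: the Run key write (Sysmon Event ID 13, registry value set) and the file drop under the drivers directory (Sysmon Event ID 11, file create). The registry country-code lookup and the SetThreadContext call are API-level behaviours that a Sysmon feed does not record, so they are left to sandbox or EDR API monitoring. The following Python is an added example, not part of this report or of the sandbox's tooling: it turns the two observable indicators into detection rules and runs them over constructed Sysmon-style events (not real telemetry). Only the sample's file name comes from the report; the user path, SID, Run value name, dropped file name and the allowlist of legitimate images are assumptions of the example.

```python
import re

# Registry paths Windows auto-starts at logon: Run/RunOnce under HKLM, HKCU,
# or a per-user HKU\<SID> hive as Sysmon records it.
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\Software\\(Wow6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
DRIVERS_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.IGNORECASE)

# Assumed allowlist of images that legitimately write Run keys or files under
# the drivers directory on a managed host; tune per environment.
ALLOWLISTED_IMAGES = {
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\system32\svchost.exe",
}


def _image_allowed(event):
    return event.get("Image", "").lower() in ALLOWLISTED_IMAGES


def is_run_key_persistence(event):
    """Sysmon Event ID 13 (registry value set) on a Run/RunOnce value."""
    return (event.get("EventID") == 13
            and RUN_KEY_RE.match(event.get("TargetObject", "")) is not None
            and not _image_allowed(event))


def is_drivers_dir_drop(event):
    """Sysmon Event ID 11 (file create) under the System32 drivers directory."""
    return (event.get("EventID") == 11
            and DRIVERS_DIR_RE.match(event.get("TargetFilename", "")) is not None
            and not _image_allowed(event))


RULES = (
    ("run_key_persistence", is_run_key_persistence),
    ("drivers_dir_drop", is_drivers_dir_drop),
)


def detect(events):
    """Return one alert per (rule, event) match, carrying what triage needs."""
    alerts = []
    for event in events:
        for name, predicate in RULES:
            if predicate(event):
                alerts.append({
                    "rule": name,
                    "image": event.get("Image"),
                    "target": event.get("TargetObject") or event.get("TargetFilename"),
                })
    return alerts


# Constructed Sysmon-style events. Paths, SID, value name and dropped file
# name are invented for the example; only the sample's file name is from the report.
SAMPLE_IMAGE = r"C:\Users\user\Downloads\Swift copy.xls.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Swift copy",
     "Details": SAMPLE_IMAGE},
    {"EventID": 11, "Image": SAMPLE_IMAGE,
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",  # allowlisted installer
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
    {"EventID": 13, "Image": SAMPLE_IMAGE,  # registry write outside Run: no alert
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def demo():
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The allowlist is on the writing image, not on the Run value's contents, because a stealer that copies itself under a benign-looking name still has to be the process that sets the value. Pair the Run-key alert with the Details field (the command line that will be auto-started) so the responder can locate the dropped copy without a second query.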