General
Target: d33a0669f9a7c0976f418f9da44a5888587bf1257ccd5b5be416ec1bc9d8c9f0
Size: 432KB
Sample: 220520-3rh8qshdd3
MD5: 1f4840ff2c24cc153c433118e5ef2655
SHA1: ca51c163d5fb49d09c8e70f7efa6da7ac126d106
SHA256: d33a0669f9a7c0976f418f9da44a5888587bf1257ccd5b5be416ec1bc9d8c9f0
SHA512: 066ea8f37555c63c2a43e5fd0bf26435b39971713c0f31416eb60be95e821cab6f63305c3d6ca8993d65e5ecff59c886359241657d7bd62b33a103846ddebbfe
Static task: static1
Behavioral task: behavioral1
  Sample: SWIFT.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: SWIFT.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.aquariuslogistics.com
Port: 587
Username: [email protected]
Password: AQL@2019#$
Targets
Target: SWIFT.exe
Size: 766KB
MD5: c7685d6c04940a9a9bdce7645ad5121d
SHA1: 352ad790c8582959f43c453d4918f02a0333afdc
SHA256: 0c39b4af77c7279bf8a36e9e337f0ca1af96ca31c1fda5599c5dc8183118e54c
SHA512: 71ddb906085282566d41c2527a721013349e4c7df6cfd676584c03702c789d9313dcb1363679af78ce57123129491bb657c9c60c34cda262fe0ff4d05140ea61
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext