General
Target: 7cc3810e9ec12dadac126413d2317a2ee3b5d0cef2d6771aa0b03eaea5039c4d
Size: 342KB
Sample: 220521-b2wg9sfhhp
MD5: a8a2ccd74d0ff53b9fb8655ad5821aa8
SHA1: 3e01ab9b98f575213f37f374cd80aafb056118cc
SHA256: 7cc3810e9ec12dadac126413d2317a2ee3b5d0cef2d6771aa0b03eaea5039c4d
SHA512: 1e43bd1679879b6b0a60cbeb9170658cc820851d5ebb806fd08c4fb04a713d51bc9c04603e5c085a49f6fc551eed09d82d91f52306927521eb4c282887149ae6
Static task: static1
Behavioral task: behavioral1
Sample: Swift.scan.pdf..exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Swift.scan.pdf..exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ceasmania.ro
Port: 587
Username: [email protected]
Password: abc+123ABC
Targets
Target: Swift.scan.pdf..exe
Size: 387KB
MD5: b639feeb11fb34d180a8d5e56525f9fb
SHA1: 6692d4456af443bdeac9c221eeb9fb21c13681e8
SHA256: b9772ef962373f4f5e7c5e4169812301f7739d2df4b1d3dcbeea84d6eed162b3
SHA512: 204ac33876477d553647c231e9a7304c6873ab7e620447b4369a9c80719c2cbbf6c3ef5c594bee8a26f0dd5eb0966b317301b625f4ad86a1fe422daaf2cd314c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops startup file
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext