General

  • Target

    b6fbf4a97a245bdaa48ee6f34f9cc30fcc4eaf73e974a993071ec2d7bcd1b7f8

  • Size

    1.8MB

  • Sample

    220521-bjk9ksehhk

  • MD5

    37bcc9da54c9b6e81c5ecf396a7dc207

  • SHA1

    3bd94dd6cd50aa2e34ef3c30ba8dc1d171f7e1ee

  • SHA256

    b6fbf4a97a245bdaa48ee6f34f9cc30fcc4eaf73e974a993071ec2d7bcd1b7f8

  • SHA512

    c81ab68877e01b6c8e7514cb29c61a21d0cf4d83990d9acbe1200d0d1f504433ed49a3e40eaea13a36c9d0175f6f38f324bdc5b3a7e6de0d1facfea7e271ad47

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.yandex.com
  • Port: 587
  • Username: [email protected]
  • Password: daddyhandsome1234

Targets

    • Target

      SWIFT_CO.EXE

    • Size

      1.3MB

    • MD5

      202b5f25f00160ecc1f1f19dd69e7f52

    • SHA1

      796299f0dde4e4e736ea7880024823387625fb23

    • SHA256

      fa482d8c31df688e69dd251c1ced2c142961cb1bb42e65f2344b356fc94f0336

    • SHA512

      e3f97d27d2deee1205e1bf6ab127995b894068ad8d8ab4f3adc8d465791bbbdf7b5e8939d895061fcddaab443f787ae79e5e9ca07371d18f409801abcfd933c7

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                 Count  ID
  Credential Access  Credentials in Files      3      T1081
  Collection         Data from Local System    3      T1005
  Collection         Email Collection          1      T1114

Tasks