General
- Target: b6fbf4a97a245bdaa48ee6f34f9cc30fcc4eaf73e974a993071ec2d7bcd1b7f8
- Size: 1.8MB
- Sample: 220521-bjk9ksehhk
- MD5: 37bcc9da54c9b6e81c5ecf396a7dc207
- SHA1: 3bd94dd6cd50aa2e34ef3c30ba8dc1d171f7e1ee
- SHA256: b6fbf4a97a245bdaa48ee6f34f9cc30fcc4eaf73e974a993071ec2d7bcd1b7f8
- SHA512: c81ab68877e01b6c8e7514cb29c61a21d0cf4d83990d9acbe1200d0d1f504433ed49a3e40eaea13a36c9d0175f6f38f324bdc5b3a7e6de0d1facfea7e271ad47
Static task
- static1

Behavioral task
- behavioral1
- Sample: SWIFT_CO.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: SWIFT_CO.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: daddyhandsome1234
Targets
- Target: SWIFT_CO.EXE
- Size: 1.3MB
- MD5: 202b5f25f00160ecc1f1f19dd69e7f52
- SHA1: 796299f0dde4e4e736ea7880024823387625fb23
- SHA256: fa482d8c31df688e69dd251c1ced2c142961cb1bb42e65f2344b356fc94f0336
- SHA512: e3f97d27d2deee1205e1bf6ab127995b894068ad8d8ab4f3adc8d465791bbbdf7b5e8939d895061fcddaab443f787ae79e5e9ca07371d18f409801abcfd933c7
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext