General
Target: eb3897323d2e47232d0857f1a4c0616c89c20da9645ffaf7dffa70cf60254f55
Size: 505KB
Sample: 220521-bmdznsfbbq
MD5: c9fc03bef895d6dd8d0170f500b24e8b
SHA1: 9fbc0f0a61a742417e4031c10281987e8830fbc6
SHA256: eb3897323d2e47232d0857f1a4c0616c89c20da9645ffaf7dffa70cf60254f55
SHA512: de096c998b272f126604257788ed0c5d28ef27fc3b3b5ebd4d75bb70141b3044a857fa32bf7102da5b1f12b581d1127f7ad050b27688586f21d353b03e454f6e
Static task: static1
Behavioral task: behavioral1
Sample: CONFIRM SWIFT COPY ASAP.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: CONFIRM SWIFT COPY ASAP.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: CONFIRM SWIFT COPY ASAP.exe
Size: 807KB
MD5: 69e54002a8c8cbcb9bb02bd21279d962
SHA1: a0e0a2adced8f67f7cc2e3a0c5afb566c64c0f24
SHA256: 65b442ae93b05837a8578be110e2baa02b2500bbd9753ced15160a972fbcb276
SHA512: 7286a5f81914ba48eb6dc986d73f30b28d7580428bacba1f848c903a7303e292476f85591f8f93504319315283e80e37f58310d46b59ac14441b2419c6a0d179
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext