General
Target: c6ea4ff1f1d48cef4271b4455625b446fc98772e4633d85e80964f714fa53115
Size: 365KB
Sample: 220521-nqzf1aead2
MD5: 7e4616a82cb7b4ce410de59c30f7cae6
SHA1: 04479d6395df1547a475296f55e6f351752a4073
SHA256: c6ea4ff1f1d48cef4271b4455625b446fc98772e4633d85e80964f714fa53115
SHA512: 7571569775d531c104d946d095e4bfde20ad523959105696a9017a5faa77b55de7471a11e9304b7496d12cd70d06a97d2543073a960326fde1c31a8f170da549
Static task: static1
Behavioral task: behavioral1
Sample: Swift Receipt.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Swift Receipt.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: logsdetails0@yandex.com
Password: Hunter$#@145722
Targets
Target: Swift Receipt.exe
Size: 444KB
MD5: cf7b55938109119ae7a75b29cf792137
SHA1: 1c2bbd9c0f343ccd748dd7252b9737e6b61308cb
SHA256: 2088534f73106229d20329297ac7079561b2c6d2ab60631af0b29e416389839a
SHA512: 8bf77e3b8facf35b1318f100904e2f26b0b9e75096eb0e66d614370638c2af6faf3322e75335441fdc0f35cb69eca3b4afa85f3098c2f2c893ec853322a8077e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext