General
-
Target
1a03ef8677042233f7bd4ba09c35eb55a3dfb538cc94063638758ee5fdb08779
-
Size
203KB
-
Sample
220521-xf1ezsbfd4
-
MD5
83b65d2e08c04c14a74d9087c3fd4fc7
-
SHA1
e509e1b20cdd5b4886517cc0ec40498c561008b0
-
SHA256
1a03ef8677042233f7bd4ba09c35eb55a3dfb538cc94063638758ee5fdb08779
-
SHA512
cfb8b4b302d7d61ec2151c45daddf8c24cf3230293f206e0b11cc73673d7d270f70fc615f8e56805a648a64ba985b67f5b672e886ee1273785ea8a425f84f11b
Static task
static1
Behavioral task
behavioral1
Sample
swift.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
swift.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
swift.scr
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
swift.scr
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
swift.exe
-
Size
136KB
-
MD5
198cd80e37da0dbbaf969749e7ea1f9c
-
SHA1
d6e5dcad5b0ceae5db56d62750554d69e9c569b2
-
SHA256
2fe7660d58b881541c1f929382f478d19f17fdb56f2e8b313b8cfc0545a615bd
-
SHA512
f5d509e4ee75878f079109e4b8a056f850b67587b92e6d088e66bd79c05fdedaafb379b00d6e950bd7ab9f129351ec7be0aa911c5722254b2ea6e7eb3fc02b9d
Score10/10-
suricata: ET MALWARE AgentTesla PWS HTTP CnC Checkin
suricata: ET MALWARE AgentTesla PWS HTTP CnC Checkin
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
swift.scr
-
Size
136KB
-
MD5
198cd80e37da0dbbaf969749e7ea1f9c
-
SHA1
d6e5dcad5b0ceae5db56d62750554d69e9c569b2
-
SHA256
2fe7660d58b881541c1f929382f478d19f17fdb56f2e8b313b8cfc0545a615bd
-
SHA512
f5d509e4ee75878f079109e4b8a056f850b67587b92e6d088e66bd79c05fdedaafb379b00d6e950bd7ab9f129351ec7be0aa911c5722254b2ea6e7eb3fc02b9d
Score10/10-
suricata: ET MALWARE AgentTesla PWS HTTP CnC Checkin
suricata: ET MALWARE AgentTesla PWS HTTP CnC Checkin
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-