General
-
Target
SWIFT.r15.rar
-
Size
556KB
-
Sample
221002-lxr96abfan
-
MD5
8a93b55c6884e9798e58c4cd0aa43e6f
-
SHA1
97d13d769108c8643539c354711379f5050c9800
-
SHA256
fee99fa36d799f504c2c1e9ba102fd809cf76aff380c55bf4cd2358b96ff74c7
-
SHA512
bca2b4a59195261ac1cdadcea42c283287b3495c530e4aadfacc3929d0e93b969caffa28fa821b852b963ff810624f64d46dfb3ff98d5ff02be484131ecc2c96
-
SSDEEP
12288:sNWBkEijF7dpiBpwnxbuwj0ecpQxdmt3vS496fuZF8yWRM2Y9N:QAkEWF7Xi4xb9KQx8t3vD5tN9N
Malware Config
Targets
-
-
Target
SWIFT.exe
-
Size
906KB
-
MD5
c1a44897400ec5cf0490aed85d4197e6
-
SHA1
0d8aa3f390d8954b0019270379e9efc76b503b5d
-
SHA256
1287066c346dfbf02a56d3eee73cf960188ac339262f56b6fbf739873be52611
-
SHA512
65c9364d8f772217325790fc7dd29cfd63b5805c6a21440587b0d823f8efc6efc8b5c4badfdf1b6ee6be959aeb39b99a1c8fc7a26cbee5cb25aa88c836a1deec
-
SSDEEP
12288:n2iN+miovli7+VDfL+Wg6haFTMt4CUvADqjJ5n13y6+V3q5BbgqMO+K+Z0hZpMC:n1gIlia5DZg6haF4EXjr
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-