Overview

overview

10

Static

static

INV_swift_...DF.exe

windows7-x64

10

INV_swift_...DF.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INV_swift_copy_HSB03102022000000000000000PDF.exe

  • Size

    359KB

  • Sample

    221003-m989wadcc8

  • MD5

    6e5d443a7f5dccc55b847619195cce38

  • SHA1

    1f1b6d4b599ffdd2e79988311f509c0008f84d8f

  • SHA256

    fad6952d13fe03d8e9a8f04e8168be03ce0b8deb45de91123fa82ff890aafc5f

  • SHA512

    cbad6371167d51aef3f692ddb0a41000e04cd737aa64a7f95bfc676115df4fe8291a52f0e79f9d3449887571c017260e42eaf8e95e70b23be78a8089a2f9b7de

  • SSDEEP

    3072:xMDX5HiIs1qlP0ZSbJqU4wWp5JGfou49wWCZ/13NFJPqV+9wqY+mhhhmitqOCnq:x6JHPs1qlPyqqU49dFvCZ/13NoKi

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.botswlogistics.com
  • Port:
    587
  • Username:
    limitless@botswlogistics.com
  • Password:
    *(QSTCj8

Targets

    • Target

      INV_swift_copy_HSB03102022000000000000000PDF.exe

    • Size

      359KB

    • MD5

      6e5d443a7f5dccc55b847619195cce38

    • SHA1

      1f1b6d4b599ffdd2e79988311f509c0008f84d8f

    • SHA256

      fad6952d13fe03d8e9a8f04e8168be03ce0b8deb45de91123fa82ff890aafc5f

    • SHA512

      cbad6371167d51aef3f692ddb0a41000e04cd737aa64a7f95bfc676115df4fe8291a52f0e79f9d3449887571c017260e42eaf8e95e70b23be78a8089a2f9b7de

    • SSDEEP

      3072:xMDX5HiIs1qlP0ZSbJqU4wWp5JGfou49wWCZ/13NFJPqV+9wqY+mhhhmitqOCnq:x6JHPs1qlPyqqU49dFvCZ/13NoKi

    Score
    10/10
    agentteslakeyloggerspywarestealertrojancollection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks