Overview

overview

10

Static

static

INV_swift_...DF.exe

windows7-x64

10

INV_swift_...DF.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INV_swift_copy_HSB03102022000000000000000PDF.cab

  • Size

    179KB

  • Sample

    221003-m9pkgadcgr

  • MD5

    0c1f425e54cb21d6edef53a2173a3165

  • SHA1

    a4b4439d92a55afb81fb8547f1168e4c5f97a80c

  • SHA256

    903ca81d536f4f88a9552b013dff9e3a0f84370593875575052f681f6f5f5ded

  • SHA512

    e33f907333b56eff708b8cf9de2a38c5f40a8f506b06c942eeee3891431d4aed197a4df2c87fc610c6e6826883ec068fb6b142975c7abffd8dc0b08078866cb6

  • SSDEEP

    3072:fASjbiIs5qlP0VSbJqo4wWp5JGfoZ49wWCZ/q3NF7nSo+6pNoTw3bKJ:fASjbPs5qlPaqqo49divCZ/q3NpSj6rM

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.botswlogistics.com
  • Port:
    587
  • Username:
    limitless@botswlogistics.com
  • Password:
    *(QSTCj8

Targets

    • Target

      INV_swift_copy_HSB03102022000000000000000PDF.exe

    • Size

      359KB

    • MD5

      6e5d443a7f5dccc55b847619195cce38

    • SHA1

      1f1b6d4b599ffdd2e79988311f509c0008f84d8f

    • SHA256

      fad6952d13fe03d8e9a8f04e8168be03ce0b8deb45de91123fa82ff890aafc5f

    • SHA512

      cbad6371167d51aef3f692ddb0a41000e04cd737aa64a7f95bfc676115df4fe8291a52f0e79f9d3449887571c017260e42eaf8e95e70b23be78a8089a2f9b7de

    • SSDEEP

      3072:xMDX5HiIs1qlP0ZSbJqU4wWp5JGfou49wWCZ/13NFJPqV+9wqY+mhhhmitqOCnq:x6JHPs1qlPyqqU49dFvCZ/13NoKi

    Score
    10/10
    agentteslakeyloggerspywarestealertrojancollection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks