General
- Target: SWIFT REFERENCE.exe
- Size: 595KB
- Sample: 221125-bnyepseh4z
- MD5: ce1dffef051c2ce170cf5c5a83394021
- SHA1: b7e89456fdf93efb3211d83a7ee4654bf9056bec
- SHA256: 927bf1f7d51aacd7c7e504a0dd55f933b0cf845fa76dbe28740689c1aadb79c1
- SHA512: 05c0bfcc146422724c95fcaaafa8b549adcc77b88b02c4593c80e3355b711f0bd9aa39d496b1c639905375a494b6d0e31f07cd8e02b14bbe28af534424f975cc
- SSDEEP: 12288:Mx3CupUoQ7IMwM8azw/lEpWt6XIZSABfUnnaDe84Km6/LKgupsQ8v4q483Z7i3EW:U6XIZSuUnagZ6/cg4nIlPW
- Static task: static1
- Behavioral task: behavioral1 (Sample: SWIFT REFERENCE.exe; Resource: win7-20220812-en)
- Behavioral task: behavioral2 (Sample: SWIFT REFERENCE.exe; Resource: win10v2004-20220901-en)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.orogenicgroup-bd.com
- Port: 587
- Username: [email protected]
- Password: Hossain$3400
- Email To: [email protected]
Targets
- Target: SWIFT REFERENCE.exe (595KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext