General
-
Target
SWIFT.exe
-
Size
921KB
-
Sample
221208-lc2m4ahe54
-
MD5
b5bc19319a968c7c0ed17754eba4f0bf
-
SHA1
cf11eb80990f6925d6c8cb19547f32df129d7eea
-
SHA256
f5c710060042d56e8e18e0d42256a4959c8d5529f8ea90e8e3084a742a9027f4
-
SHA512
f5747b0cf342acae1bf87028fee711119a87b4ec03aeac68389ff6dca4fd8704ed12ad3a932016c82bd8743f7e5bc0440a8e115925e22cc59ca9b342b2ec0107
-
SSDEEP
12288:E2IMOgHGPtdUArpY+ZmBjHUk+qj5DgL1RBVJuzZJv84gm786nazru/aK3o3DX:VIDgml9VhZmBHfg5iDvxPLnazrupk
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SWIFT.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ardsmmm.com - Port:
587 - Username:
ebru@ardsmmm.com - Password:
Ard2015** - Email To:
agolfengr@gmail.com
Targets
-
-
Target
SWIFT.exe
-
Size
921KB
-
MD5
b5bc19319a968c7c0ed17754eba4f0bf
-
SHA1
cf11eb80990f6925d6c8cb19547f32df129d7eea
-
SHA256
f5c710060042d56e8e18e0d42256a4959c8d5529f8ea90e8e3084a742a9027f4
-
SHA512
f5747b0cf342acae1bf87028fee711119a87b4ec03aeac68389ff6dca4fd8704ed12ad3a932016c82bd8743f7e5bc0440a8e115925e22cc59ca9b342b2ec0107
-
SSDEEP
12288:E2IMOgHGPtdUArpY+ZmBjHUk+qj5DgL1RBVJuzZJv84gm786nazru/aK3o3DX:VIDgml9VhZmBHfg5iDvxPLnazrupk
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-