General
-
Target
Swift.exe
-
Size
64KB
-
Sample
230206-rtmhdsec95
-
MD5
c3dda199739ccc5699ea98f22eb1d0ba
-
SHA1
8ca42b38a4df27fbd18b060092009b1092f79932
-
SHA256
8cd3a69637a14aeb7a0db8c47a197e8cdee48d1c995b8ea848449b1f206a8d24
-
SHA512
828ebcaa0b8d7fbcb50768669921980ae389582ef25ea643541fa89a60d9c34639e170cc80eb378c56028b4ef1229141faa93f896b3c724f963139266c7c0dca
-
SSDEEP
768:M4OE/9oA9EfutLtTP44IuAgpjELM40LO6dusn04el:BOe9oA9EfKP4yFp+M40ymuL3l
Static task
static1
Behavioral task
behavioral1
Sample
Swift.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Swift.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/
Targets
-
-
Target
Swift.exe
-
Size
64KB
-
MD5
c3dda199739ccc5699ea98f22eb1d0ba
-
SHA1
8ca42b38a4df27fbd18b060092009b1092f79932
-
SHA256
8cd3a69637a14aeb7a0db8c47a197e8cdee48d1c995b8ea848449b1f206a8d24
-
SHA512
828ebcaa0b8d7fbcb50768669921980ae389582ef25ea643541fa89a60d9c34639e170cc80eb378c56028b4ef1229141faa93f896b3c724f963139266c7c0dca
-
SSDEEP
768:M4OE/9oA9EfutLtTP44IuAgpjELM40LO6dusn04el:BOe9oA9EfKP4yFp+M40ymuL3l
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-