General

  • Target

    7998f63698788983a274a8615a93e3a14153516e5c20eb8e94911ac6e14feb28_JC.rar

  • Size

    503KB

  • Sample

    230923-xj9g3ahg5v

  • MD5

    00d7041573e9cc613a622cbf1dc540b3

  • SHA1

    0014747fa87c4b90a9af8179690cf949f1e3654a

  • SHA256

    7998f63698788983a274a8615a93e3a14153516e5c20eb8e94911ac6e14feb28

  • SHA512

    4f2cb8a9bd5abc4752d1e38354588a3d5175aa1e1f8b96f99b3c21beb2622ff7bb2e01192e00549dad497fbc95869bbaedf6992f0c17c06e22996d2ba006a745

  • SSDEEP

    12288:rtraZapVCRcUecF1Q/YLR4zRXDAtTe196AMbB7RLWQ9Sy:9ah1VRiRXDAtqCfjSy

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SWIFT.pdf.exe

    • Size

      538KB

    • MD5

      4b16c4589ce3211b6f45051b5fb422b0

    • SHA1

      2b60d36184571a1bc35c335ab8941c2bdc7f02b2

    • SHA256

      ac04f04d01ae5428a8017be37d7d1352ad3212852c259d1a0e2f775969ecc36c

    • SHA512

      38796bb1952559726ed4f47344962fa8dd7b051b12266f9dbfc149b5262f99f24803416ef7986577021b96bc118b39d05c95be9830b1f29ffb23c33c751b5526

    • SSDEEP

      6144:Jf4NOk8oV/BR1z/8XIppg4P/l27t9mrvlRlOYADKgt5Q1OW4kXQAN2Tr3+oUSWXh:hi+9m7H2RqF4kXQf7WX42Yu26NCc6P

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic .NET).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence so the payload only runs in targeted regions.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup web service to discover the infected system's external IP address.

    • Suspicious use of SetThreadContext
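The hashes above are the report's indicators for the RAR archive and the SWIFT.pdf.exe it contains. The script below is an added example, not part of the sandbox report, showing how an analyst can match a file on disk against those indicators offline: it computes the same four digests the report lists, matches on any of them case-insensitively, sanity-checks that every indicator is well-formed hex of the right length, and verifies the report's naming convention that the archive is named after its own SHA-256 (`<sha256>_JC.rar`). The hash values are copied from the report; the sample bytes used in the demo are constructed and benign.

```python
"""Offline IOC matcher for the two artefacts listed in the sandbox report.

Added example, not the sandbox's own code. Hash values are copied from the
report above; the bytes hashed in the demo are constructed, not the malware.
"""
import hashlib
import re

# Indicators copied from the report (archive first, dropped payload second).
IOCS = [
    {
        "target": "7998f63698788983a274a8615a93e3a14153516e5c20eb8e94911ac6e14feb28_JC.rar",
        "md5": "00d7041573e9cc613a622cbf1dc540b3",
        "sha1": "0014747fa87c4b90a9af8179690cf949f1e3654a",
        "sha256": "7998f63698788983a274a8615a93e3a14153516e5c20eb8e94911ac6e14feb28",
        "sha512": "4f2cb8a9bd5abc4752d1e38354588a3d5175aa1e1f8b96f99b3c21beb2622ff7"
                  "bb2e01192e00549dad497fbc95869bbaedf6992f0c17c06e22996d2ba006a745",
    },
    {
        "target": "SWIFT.pdf.exe",
        "md5": "4b16c4589ce3211b6f45051b5fb422b0",
        "sha1": "2b60d36184571a1bc35c335ab8941c2bdc7f02b2",
        "sha256": "ac04f04d01ae5428a8017be37d7d1352ad3212852c259d1a0e2f775969ecc36c",
        "sha512": "38796bb1952559726ed4f47344962fa8dd7b051b12266f9dbfc149b5262f99f2"
                  "4803416ef7986577021b96bc118b39d05c95be9830b1f29ffb23c33c751b5526",
    },
]

# Expected hex-digest length for each algorithm the report lists.
DIGEST_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def hashes_of(data: bytes) -> dict:
    """Return lowercase hex digests of `data` for every algorithm in the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGEST_LENGTHS}


def validate_iocs(iocs=IOCS) -> list:
    """Return a list of malformed indicators (empty when every digest is hex of the right length).

    A truncated or mistyped hash silently never matches, so check the list before trusting it.
    """
    problems = []
    for entry in iocs:
        for alg, length in DIGEST_LENGTHS.items():
            value = entry.get(alg, "")
            if not re.fullmatch(r"[0-9a-fA-F]{%d}" % length, value):
                problems.append(f"{entry['target']}: bad {alg} digest")
    return problems


def match_ioc(hashes: dict, iocs=IOCS):
    """Return the target name of the first indicator sharing any digest with `hashes`, else None.

    Comparison is case-insensitive because reports and tools mix upper and lower hex.
    """
    for entry in iocs:
        for alg in DIGEST_LENGTHS:
            if alg in hashes and hashes[alg].lower() == entry[alg].lower():
                return entry["target"]
    return None


def filename_embeds_sha256(filename: str, sha256: str) -> bool:
    """Check the report's naming convention: the archive is named `<sha256>_JC.rar`."""
    m = re.match(r"([0-9a-fA-F]{64})_", filename)
    return bool(m) and m.group(1).lower() == sha256.lower()


def scan_file(path: str):
    """Hash a file on disk and return the matching indicator's target name, or None."""
    with open(path, "rb") as f:
        return match_ioc(hashes_of(f.read()))


if __name__ == "__main__":
    assert not validate_iocs(), validate_iocs()
    # Constructed benign bytes: must not match either indicator.
    print("benign sample matched:", match_ioc(hashes_of(b"constructed benign bytes")))
    for entry in IOCS:
        print(entry["target"], "name/sha256 consistent:",
              filename_embeds_sha256(entry["target"], entry["sha256"]))
```

Run `scan_file("/path/to/suspect")` against a quarantined file to see whether it is the archive or the dropped executable; a `None` result only says the file is not one of these two exact artefacts, so a repacked or recompiled build of the same family would need fuzzy (SSDEEP) or behavioural matching instead.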

MITRE ATT&CK Enterprise v15

Tasks