General
-
Target
df7e0727a02af0009d47c5b3c978b511c7e1079da8b1c29b15650fdccab203a6
-
Size
689KB
-
Sample
240612-cd8claycmf
-
MD5
c0cfb4564f58f95f4f451c906075545c
-
SHA1
054601b9ebe4ad53d001cf826039c9c805675dc7
-
SHA256
df7e0727a02af0009d47c5b3c978b511c7e1079da8b1c29b15650fdccab203a6
-
SHA512
6511288dfa7361e6d7ced7ba443aa86e6431173607905dd54cdce3e578dbd1c9237dcf71a95c49bba600fc5c598fe2152343606b71437f478ca347dbcdd23db1
-
SSDEEP
12288:rOidIlbPNLgEDIu8VQrXrrQWcqbINiigM7PnaQSzBbBAH0YbX6gUTAPgnQCp:rTd8EEDWQ7ApqbIsigMLLSF1K0YugO4E
Static task
static1
Behavioral task
behavioral1
Sample
Swift Advice.exe
Resource
win7-20231129-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.albushrametalic.com - Port:
587 - Username:
[email protected] - Password:
GLBL1285# - Email To:
[email protected]
Targets
-
-
Target
Swift Advice.exe
-
Size
751KB
-
MD5
e6b7493437b908e9d81f7aa0c477fa60
-
SHA1
3cf0249d2239a9b73146e505d3a09d350f43ff3d
-
SHA256
2ca6ab9b5571aef408c1f47e4a3802834283b97fd2a75c0e6f675d92fe2b322f
-
SHA512
148696e8bd3da3f7ed504e8ea4c4bef6dade456863451c553eafae0231ee978bc621730c0770f4e3cd25a3716e36938c80a31fa8d5a12eb318ab20f8e062f44d
-
SSDEEP
12288:8qxcZsfQrHrrQWoqbINii6MvPNaQSzBfBAl0YBMpACR5leZlNm:iZUQjALqbIsi6MHlSF5e0YKpA+erY
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-