General
Target: Swift Copy.exe
Size: 1.3MB
Sample: 200624-1qqje6b6pa
MD5: d4bd91849b8f43bd0b1480dbb0f188e6
SHA1: fe51787ba8b33b67fed62a3cc73123064774882c
SHA256: bfefac71337cac5e66779e74fe6ba571620329ff9da8d7ce21999d90b46bcdb9
SHA512: a9978a1aa90dda5c42ed425785bd3199df91a8f4a3224de27e081f4af72a7271c7adb3050b69e9163ae55618430710e1c52c7b5dc732c13798f40dec80220c14
Static task: static1
Behavioral task: behavioral1
  Sample: Swift Copy.exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: Swift Copy.exe
  Resource: win10v200430
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: export5@fufeng-grooup.com
Password: K$pbkEK0
Targets
Target: Swift Copy.exe
Size: 1.3MB
(MD5, SHA1, SHA256 and SHA512 are the same as listed under General above)
Score: 10/10
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext