General
Target: Swift Copy.exe
Size: 1.3MB
Sample: 200624-4hmr8c99x2
MD5: 60e4981cf8ab5329b2616f84757822f8
SHA1: f040eac652c22818549bdf5607be56e4e4cb03e7
SHA256: 1c5653f7880f54b86f76ab009eb9775f3596d89e836d3d9bdb3c921612cb845b
SHA512: 75a30df4fbd56e0f61502c4e8f4c367e103c24acf51c39b714570c1b521ad534082089f20da3ed849852319528f4873dd631142cfbe85ca657f352fcfb66cee0
Static task: static1
Behavioral task: behavioral1
  Sample: Swift Copy.exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: Swift Copy.exe
  Resource: win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: goksal.sir@prosoftelektrik.com
Password: Wm^kN*!7
Targets
Target: Swift Copy.exe
Size: 1.3MB
MD5: 60e4981cf8ab5329b2616f84757822f8
SHA1: f040eac652c22818549bdf5607be56e4e4cb03e7
SHA256: 1c5653f7880f54b86f76ab009eb9775f3596d89e836d3d9bdb3c921612cb845b
SHA512: 75a30df4fbd56e0f61502c4e8f4c367e103c24acf51c39b714570c1b521ad534082089f20da3ed849852319528f4873dd631142cfbe85ca657f352fcfb66cee0
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext