General
Target: Swift Copy.exe
Size: 1.4MB
Sample: 200624-ekqhk75skj
MD5: 113dd222f32f0296e2666da5a76e90f5
SHA1: 1fbd1f1a7aabdfbd17fb0b9da6acb02ec153a794
SHA256: 745110c4c62b046770c913cb9c5760e4728047f6ccf08fcdac12f8c3f9ac0be1
SHA512: 5f3ded52643cb52d4063f89f0868a17359eb74c5aeb9441404ab96c3ac9063cdcd30bd4335e4baae274091c8933ed47d649c9fc25f3563443a792dd91fd70cb4
Static task: static1
Behavioral task: behavioral1
  Sample: Swift Copy.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: Swift Copy.exe
  Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: gokan.burulday@prosoftelektrik.com
Password: ad%xWZ!7
Targets
Target: Swift Copy.exe
Size: 1.4MB
MD5: 113dd222f32f0296e2666da5a76e90f5
SHA1: 1fbd1f1a7aabdfbd17fb0b9da6acb02ec153a794
SHA256: 745110c4c62b046770c913cb9c5760e4728047f6ccf08fcdac12f8c3f9ac0be1
SHA512: 5f3ded52643cb52d4063f89f0868a17359eb74c5aeb9441404ab96c3ac9063cdcd30bd4335e4baae274091c8933ed47d649c9fc25f3563443a792dd91fd70cb4
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext