General
- Target: Swift copyUSD47000.exe
- Size: 444KB
- Sample: 200707-2jmt81rjz6
- MD5: ba3efad462a67b64b57a07f73ab18c4b
- SHA1: 3e233dcdac6f00af3594b3aa04a3f2c2ae9cfa78
- SHA256: 359202073aae173560c88009c27966e8f6a4bb3b05c48811f35dcf27b13ff0a0
- SHA512: 834c05b9b4e3ad0599271e11ae366dcdc88a10dfbf962e051a4fd5538a14581ebb17d414256f6ca56552a0a57d3804a4813fbe04a5a1dcb5d385d2e081356e94
Static task: static1
Behavioral task: behavioral1
- Sample: Swift copyUSD47000.exe
- Resource: win7
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: mail.bulletlogistics.in
- Port: 587
- Username: [email protected]
- Password: I0B!A&7;-f!=
Targets
- Target: Swift copyUSD47000.exe
- Size: 444KB
- MD5: ba3efad462a67b64b57a07f73ab18c4b
- SHA1: 3e233dcdac6f00af3594b3aa04a3f2c2ae9cfa78
- SHA256: 359202073aae173560c88009c27966e8f6a4bb3b05c48811f35dcf27b13ff0a0
- SHA512: 834c05b9b4e3ad0599271e11ae366dcdc88a10dfbf962e051a4fd5538a14581ebb17d414256f6ca56552a0a57d3804a4813fbe04a5a1dcb5d385d2e081356e94
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext