General
Target: Swift209832.exe
Size: 506KB
Sample: 201126-3s83lzslhs
MD5: 77f555fb641be688c931468dce8ebce1
SHA1: e122c2a58de70c1f6691afdd73b07cc74679a4c3
SHA256: 045b92b336103f95c9a5acff35461d8eb69bbf9aaed8158787362e2853a50e4c
SHA512: 30f897973bcf7bc77ead4163b3c2d177914c22d91a9027c7b452557a05d637e9625b5256f542550f92eb0ed912b1f2372a5586aeb8f9e5dc40de9580628e987f
Static task: static1
Behavioral task: behavioral1 (Sample: Swift209832.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Swift209832.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: shakazoro@vivaldi.net
Password: Password@123456789
Targets
Target: Swift209832.exe
Size: 506KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext