swift copy.zip

General

Target: swift copy.zip

Size: 746KB

Sample: 201201-lbk71xggyx

Score: 10/10

MD5: 6dc84a743d5c070d76df2c5f7928bb77

SHA1: ddaf7a0a1bd4a9591b2e0fc2785f5e1bd9aef613

SHA256: 2ba9db3110899e60daeecb086d4f53adc1cfab127820db3d230c383e74f7172c

SHA512: 738dc6a2a136bcf8ee8535db8e13eb1c47c3b93579fbd34eb3783e1515e100d11c93395423263624f4172e93f3cbb0f64d2ce69460ae699f0798e23bfd8060ea

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp

Host: mail.polimeter.com

Port: 587

Username: info@polimeter.com

Password: 5337776740

Targets

Target: swift copy.exe

MD5: 61103d8d0d139971f7f2b81715156a73

Filesize: 789KB

Score: 10/10

SHA1: 42d579f94d175c121434512b1675b6c4b84cf72b

SHA256: 9d626bb9d442d3762e5366f0fbefae41708936b9c254141fcf3b0a1b80291ebb

SHA512: c7c4f3a5eb87a835290973478015b4baeb83a60163968d0a9856420862297855a2a4f4f1f81e6bc44563274b34651cbe9e01db60a0708108a8f3549dc8d0893f
Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    TTPs

    Data from Local System; Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk, where infostealers often target it.

    TTPs

    Data from Local System; Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    TTPs

    Data from Local System; Credentials in Files
  • Suspicious use of SetThreadContext
