General
- Target: SWIFT COPY..r00
- Size: 509KB
- Sample: 210421-18qqej2kea
- MD5: f489aa535f8096ab6b278616ef4c4484
- SHA1: b7a2ceeb2d7292aa509ad22f5599401134b90a33
- SHA256: 8e47a1d341da073d6d19310578ee44144f0d86d1b50613b631ec0a2688204ed1
- SHA512: 81c53807e0dfb7e6d1bdc55c4213d3a0ff1174a9bbc24cc3a4320135c8211bdbba952d18d82c8519d46e39d63ed1e824b5fb2aabc2d237fb5c458b9400a5b71c
Static task: static1
Behavioral task: behavioral1
- Sample: SWIFT COPY...exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: SWIFT COPY...exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: a2plcpnl0347.prod.iad2.secureserver.net
- Port: 587
- Username: clifford@eximindiacorporation.com
- Password: Admin_123
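The extracted config is the sample's exfiltration channel: it logs into the listed SMTP account over port 587 and mails the stolen data out. The script below, an added example that is not part of the sandbox report or of the malware, turns that config into indicators and sweeps them over outbound-connection logs. The config string is copied from the report; the log lines and their layout ("<timestamp> <src_ip> -> <dst_host>:<dst_port> <proto> [user=<smtp-auth-user>]") are constructed for illustration and are an assumption about what a mail proxy or egress log would record.

```python
"""Turn the SMTP exfiltration settings a sandbox extracted from an AgentTesla
sample into indicators and match them against outbound connection logs.

Added example for this report; not code from the sandbox or the malware.
EXTRACTED_CONFIG is copied from the report. The log lines and their layout
are constructed (assumed format:
"<timestamp> <src_ip> -> <dst_host>:<dst_port> <proto> [user=<smtp-auth-user>]").
"""
import re

EXTRACTED_CONFIG = (
    "Protocol: smtp - Host: a2plcpnl0347.prod.iad2.secureserver.net"
    " - Port: 587 - Username: clifford@eximindiacorporation.com"
    " - Password: Admin_123"
)

# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2021-04-21T10:02:11Z 10.0.0.15 -> a2plcpnl0347.prod.iad2.secureserver.net:587 smtp user=clifford@eximindiacorporation.com",
    "2021-04-21T10:05:40Z 10.0.0.23 -> a2plcpnl0347.prod.iad2.secureserver.net:587 smtp user=billing@example.org",
    "2021-04-21T10:07:02Z 10.0.0.15 -> smtp.office365.com:587 smtp user=alice@example.org",
    "2021-04-21T10:09:55Z 10.0.0.15 -> 93.184.216.34:443 tls",
    "garbage line that does not parse",
]


def parse_config(text):
    """Parse the 'Key: value - Key: value' form the report uses into a dict
    with lower-cased keys. Values never contain ' - ', so splitting on it is safe."""
    fields = {}
    for chunk in text.split(" - "):
        key, sep, value = chunk.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) (?P<proto>\S+)"
    r"(?: user=(?P<user>\S+))?$"
)


def match_exfil(log_lines, config):
    """Return one hit per log line that reaches the extracted SMTP host/port.

    A hit has 'credential' confidence when the SMTP AUTH user is the extracted
    account, otherwise 'host' confidence: the host is a shared hosting mail
    server, so other tenants' legitimate mail can land on the same name."""
    host = config["host"].lower()
    port = config["port"]
    user = config["username"].lower()
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it, never abort the sweep
        if m["dst"].lower() != host or m["port"] != port:
            continue
        seen_user = (m["user"] or "").lower()
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "confidence": "credential" if seen_user == user else "host",
        })
    return hits


def indicators(config):
    """Flat IOC set suitable for a blocklist or hunting query.
    The password is deliberately left out; it belongs in the takedown
    request to the mail provider, not in a shared indicator list."""
    return {
        "smtp_host": config["host"],
        "smtp_port": int(config["port"]),
        "smtp_user": config["username"],
    }


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print(indicators(cfg))
    for hit in match_exfil(SAMPLE_LOG, cfg):
        print(hit)
```

Port 587 alone is the normal mail submission port and the destination is a shared hosting mail server, so host-only hits are a lead to triage, not a verdict; the SMTP AUTH username is the discriminating indicator when the egress point records it.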
Targets
- Target: SWIFT COPY...exe
- Size: 599KB
- MD5: aa3612d93d196644dd0f5a621727097b
- SHA1: c67786490f9a2861d77518a0ca0ede5b5d2a97b6
- SHA256: dc5b9ef8c3fcb0363be6ea97f1c887d9d346f2af506b6c818835d7f0d2e511f4
- SHA512: cbe495818ea96c0497fda29a29f51729026f76beec1f0719db1bc53514ea70e33c6ac3bb732480e9956c457ab89c8da0a70f9a140452ba34ac9a692cc5c133d4
AgentTesla
Agent Tesla is an information stealer and remote access tool (RAT) built on .NET (Visual Basic .NET). It harvests credentials and keystrokes and exfiltrates them over SMTP, FTP, or HTTP; the SMTP account in the extracted config above is this sample's exfiltration channel.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext