General
- Target: SWIFT COPY...exe
- Size: 599KB
- Sample: 210421-6gyp7mxsf2
- MD5: aa3612d93d196644dd0f5a621727097b
- SHA1: c67786490f9a2861d77518a0ca0ede5b5d2a97b6
- SHA256: dc5b9ef8c3fcb0363be6ea97f1c887d9d346f2af506b6c818835d7f0d2e511f4
- SHA512: cbe495818ea96c0497fda29a29f51729026f76beec1f0719db1bc53514ea70e33c6ac3bb732480e9956c457ab89c8da0a70f9a140452ba34ac9a692cc5c133d4
Static task: static1
Behavioral task: behavioral1
- Sample: SWIFT COPY...exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: SWIFT COPY...exe
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: a2plcpnl0347.prod.iad2.secureserver.net
- Port: 587
- Username: clifford@eximindiacorporation.com
- Password: Admin_123
Targets
- Target: SWIFT COPY...exe
- Size: 599KB
- MD5: aa3612d93d196644dd0f5a621727097b
- SHA1: c67786490f9a2861d77518a0ca0ede5b5d2a97b6
- SHA256: dc5b9ef8c3fcb0363be6ea97f1c887d9d346f2af506b6c818835d7f0d2e511f4
- SHA512: cbe495818ea96c0497fda29a29f51729026f76beec1f0719db1bc53514ea70e33c6ac3bb732480e9956c457ab89c8da0a70f9a140452ba34ac9a692cc5c133d4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext