General
- Target: SWIFT COPY..rar
- Size: 631KB
- Sample: 210421-9cwgew7ywe
- MD5: cf8fe5bfba132a425f4b79f1247e8554
- SHA1: 5054011a66631568144f5d0acffee8aa650a3962
- SHA256: 181ee3a7d7eed5331b58011e1088533b45734c5f7928dd4b4cc78ac3def5f90b
- SHA512: 959d55eefce98899ac3a73567569db28e6fc54ac3c73a64c80ff4efdbacbfc1ba0c33d2dfced06ee3b1099935cad1f7b2afa07a189a0af1e5400bdde1266c34e
Static task
- static1

Behavioral task
- behavioral1
  - Sample: SWIFT COPY...exe
  - Resource: win7v20210410

Behavioral task
- behavioral2
  - Sample: SWIFT COPY...exe
  - Resource: win10v20210408
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: a2plcpnl0347.prod.iad2.secureserver.net
- Port: 587
- Username: clifford@eximindiacorporation.com
- Password: Admin_123

The payload exfiltrates over authenticated SMTP on port 587 (message submission) to the mailbox above. The host is a shared hosting mail server that also carries unrelated domains' mail, so the host name on its own is a weak indicator; key detection on the host and port together, or on SMTP AUTH with this username, from endpoints that have no business submitting mail directly. The credentials are the attacker's collection mailbox as recovered from the sample; report the account to the hosting provider rather than logging into it.
Targets
- Target: SWIFT COPY...exe
- Size: 1.1MB
- MD5: 4ffbdef1a2ed50222d02be2bacb1b430
- SHA1: 413ed0b09c751689bb51c728f4e499f48896c3f8
- SHA256: 26be424635368b25efdc9591a447642efc1213b8c39331d4e26635989eff0e00
- SHA512: db193a41a90452700df8b7a22efc6213b73129264daf94abfbbb48cccbd091b4f5878d554681180eb100c3bff9aa6efadf4138e47dfef2f772a1741a3698e792
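The following is an added example, not part of the sandbox report, showing how a responder turns the extracted config and the listed hashes into usable indicators: it parses the config block exactly as it was extracted (line breaks and the missing space in "smtp- Host:" included), identifies a file against the report's MD5/SHA1/SHA256 values, and checks firewall-style log lines for flows to the configured host on the configured port. The log lines are constructed for the example and are not telemetry from the sandbox run; the key=value log format is an assumption.

```python
import hashlib
import re
from dataclasses import dataclass

# Config block copied from the "Malware Config / Extracted" section of this
# report, whitespace and line breaks exactly as extracted.
CONFIG_TEXT = """agenttesla
Protocol: smtp- Host:
a2plcpnl0347.prod.iad2.secureserver.net - Port:
587 - Username:
clifford@eximindiacorporation.com - Password:
Admin_123"""

# MD5/SHA1/SHA256 values from the General and Targets sections of this report.
MANIFEST = {
    "SWIFT COPY..rar": {
        "md5": "cf8fe5bfba132a425f4b79f1247e8554",
        "sha1": "5054011a66631568144f5d0acffee8aa650a3962",
        "sha256": "181ee3a7d7eed5331b58011e1088533b45734c5f7928dd4b4cc78ac3def5f90b",
    },
    "SWIFT COPY...exe": {
        "md5": "4ffbdef1a2ed50222d02be2bacb1b430",
        "sha1": "413ed0b09c751689bb51c728f4e499f48896c3f8",
        "sha256": "26be424635368b25efdc9591a447642efc1213b8c39331d4e26635989eff0e00",
    },
}


@dataclass(frozen=True)
class SmtpExfil:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


# "Key: value" pairs separated by " - ", tolerant of the line breaks and the
# missing space in "smtp- Host:" that the extraction introduced.
FIELD_RE = re.compile(r"(\w+):\s*(.+?)\s*-?\s*(?=\w+:|\Z)")


def parse_config(text: str) -> SmtpExfil:
    """Parse the extracted-config block into a structured exfiltration profile."""
    family, _, body = text.strip().partition("\n")
    fields = {key.lower(): value for key, value in FIELD_RE.findall(body)}
    return SmtpExfil(
        family=family.strip(),
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed firewall log lines (not from the sandbox run), key=value form.
LOG_LINES = [
    "2021-04-21T09:14:02Z src=10.20.4.31 dst=a2plcpnl0347.prod.iad2.secureserver.net dport=587 proto=tcp app=smtp",
    "2021-04-21T09:14:05Z src=10.20.4.31 dst=smtp.office365.com dport=587 proto=tcp app=smtp",
    "2021-04-21T09:15:40Z src=10.20.4.77 dst=a2plcpnl0347.prod.iad2.secureserver.net dport=443 proto=tcp app=https",
]


def parse_log_line(line: str) -> dict:
    """Split 'timestamp k=v k=v ...' into a dict (assumed log format)."""
    timestamp, _, rest = line.partition(" ")
    fields = dict(token.split("=", 1) for token in rest.split())
    fields["ts"] = timestamp
    return fields


def match_exfil(cfg: SmtpExfil, lines) -> list:
    """Return (timestamp, source) for flows to the configured host AND port.
    The host is a shared hosting mail server, so traffic to it on other ports
    (webmail on 443, say) is not evidence of this sample."""
    hits = []
    for line in lines:
        f = parse_log_line(line)
        if f.get("dst", "").lower() == cfg.host and int(f.get("dport", 0)) == cfg.port:
            hits.append((f["ts"], f["src"]))
    return hits


def identify(data: bytes):
    """Name the report target whose every listed hash matches `data`, else None."""
    digests = {algo: getattr(hashlib, algo)(data).hexdigest() for algo in ("md5", "sha1", "sha256")}
    for name, expected in MANIFEST.items():
        if all(digests[algo] == value for algo, value in expected.items()):
            return name
    return None


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg)
    print(match_exfil(cfg, LOG_LINES))
```

Requiring every listed hash to match in identify() guards against a manifest where one algorithm's value was mis-copied; a file matching on SHA256 but not MD5 is worth a second look rather than an automatic verdict.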
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and sends them out over SMTP, FTP or HTTP; this sample uses SMTP with the mailbox credentials in the extracted config above.

Signatures triggered by the payload:
- AgentTesla Payload: the unpacked payload matched the AgentTesla family signature.
- Drops file in Drivers directory: a file was written under the Windows Drivers directory; the report does not list the path or the file.
- Adds Run key to start application: a value was added under a CurrentVersion\Run key so the sample starts at logon; the report does not show the hive or value name.
- Suspicious use of SetThreadContext: the sample rewrote the thread context of another process, the hallmark of process hollowing (RunPE), which .NET loaders commonly use to run the decrypted payload inside a suspended copy of a legitimate or self-spawned process.
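As an added example (not output from this sandbox run), the three behaviours above can be correlated per process from host telemetry. The events below are constructed and use Sysmon-style field names (EventID 11 for file creation, 13 for a registry value set); the SetThreadContext records mimic an API-monitor trace, which Sysmon itself does not produce. The CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread ordering used to decide that SetThreadContext is "suspicious" is the classic hollowing sequence and is an assumption of the example, not something the report states about this sample.

```python
from collections import defaultdict

# Case-insensitive substrings for the two filesystem/registry behaviours.
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
DRIVERS_DIR = "\\windows\\system32\\drivers\\"

# API order that makes SetThreadContext suspicious: a process is created
# suspended, its memory overwritten, its entry point redirected, then resumed.
HOLLOW_CHAIN = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed events (not from the report).  PID 4120 stands in for the
# payload; 900 and 1200 are benign processes that each show one behaviour only.
EVENTS = [
    {"EventID": "api", "ProcessId": 4120, "Api": "CreateProcessW", "Flags": "CREATE_SUSPENDED", "TargetProcessId": 4388},
    {"EventID": "api", "ProcessId": 4120, "Api": "WriteProcessMemory", "TargetProcessId": 4388},
    {"EventID": "api", "ProcessId": 4120, "Api": "SetThreadContext", "TargetProcessId": 4388},
    {"EventID": "api", "ProcessId": 4120, "Api": "ResumeThread", "TargetProcessId": 4388},
    {"EventID": 11, "ProcessId": 4120, "TargetFilename": r"C:\Windows\System32\drivers\payload.tmp"},
    {"EventID": 13, "ProcessId": 4120,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\SWIFT COPY",
     "Details": r"C:\Users\u\AppData\Roaming\SWIFT COPY...exe"},
    {"EventID": 13, "ProcessId": 900,
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
    {"EventID": 11, "ProcessId": 1200, "TargetFilename": r"C:\Windows\System32\drivers\vendor.sys"},
]


def hollowing_chains(events):
    """Return {(pid, target_pid)} for which the full HOLLOW_CHAIN was seen in order,
    with the CreateProcess call carrying CREATE_SUSPENDED."""
    progress = defaultdict(int)  # (pid, target) -> index of next expected API
    found = set()
    for e in events:
        if e.get("EventID") != "api":
            continue
        key = (e["ProcessId"], e["TargetProcessId"])
        if progress[key] >= len(HOLLOW_CHAIN):
            continue
        expected = HOLLOW_CHAIN[progress[key]]
        if e["Api"] != expected:
            continue
        if expected == "CreateProcessW" and "CREATE_SUSPENDED" not in e.get("Flags", ""):
            continue
        progress[key] += 1
        if progress[key] == len(HOLLOW_CHAIN):
            found.add(key)
    return found


def behaviours_by_process(events):
    """Map each ProcessId to the set of report behaviours it exhibited."""
    hits = defaultdict(set)
    for pid, _target in hollowing_chains(events):
        hits[pid].add("SetThreadContext")
    for e in events:
        pid = e["ProcessId"]
        if e.get("EventID") == 11 and DRIVERS_DIR in e["TargetFilename"].lower():
            hits[pid].add("DriversDirDrop")
        elif e.get("EventID") == 13 and RUN_KEY in e["TargetObject"].lower():
            hits[pid].add("RunKey")
    return dict(hits)


def triage(events, threshold=2):
    """Return the PIDs showing at least `threshold` of the three behaviours."""
    return sorted(pid for pid, b in behaviours_by_process(events).items() if len(b) >= threshold)


if __name__ == "__main__":
    for pid, b in sorted(behaviours_by_process(EVENTS).items()):
        print(pid, sorted(b))
    print("flagged:", triage(EVENTS))
```

A Run key or a write under the Drivers directory is routine for installers, which is why the example only flags a process that combines two or more of the behaviours; the hollowing chain alone is rare enough in user-launched binaries to justify a lower threshold if the telemetry source can see API calls.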