General
Target: SWIFT COPY...exe
Size: 1.1MB
Sample: 210421-zkxleje72s
MD5: 4ffbdef1a2ed50222d02be2bacb1b430
SHA1: 413ed0b09c751689bb51c728f4e499f48896c3f8
SHA256: 26be424635368b25efdc9591a447642efc1213b8c39331d4e26635989eff0e00
SHA512: db193a41a90452700df8b7a22efc6213b73129264daf94abfbbb48cccbd091b4f5878d554681180eb100c3bff9aa6efadf4138e47dfef2f772a1741a3698e792
Static task: static1
Behavioral task: behavioral1 (sample SWIFT COPY...exe, resource win7v20210410)
Behavioral task: behavioral2 (sample SWIFT COPY...exe, resource win10v20210410)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: a2plcpnl0347.prod.iad2.secureserver.net
Port: 587
Username: clifford@eximindiacorporation.com
Password: Admin_123
This is the mail account the sample uses to exfiltrate stolen data over SMTP submission (port 587). The host and the sender address are the network indicators to block or hunt for; the credential itself is the attacker's, not a victim's, and should be reported to the hosting provider rather than reused.
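The extracted config is only useful if it gets turned into something a defender can actually check. The script below is an added example, not part of the sandbox report: it parses the config block exactly as it appears above (including the flattened "Key: value- Key:" layout), emits the network and account IOCs without the password, hunts for connections to the configured SMTP host and port in egress logs, and compares a file's digests against the report's hashes. The log line format and the log lines themselves are constructed for the example; only the config text and hashes come from the report.

```python
"""Turn the report's extracted Agent Tesla config and hashes into checkable IOCs.

Added example, not part of the sandbox report. Only the config text and hashes
are from the report; the log format and log lines below are constructed.
"""
import hashlib
import re

# Config block exactly as it appears (flattened) in the report above.
REPORT_CONFIG = """Protocol: smtp- Host:
a2plcpnl0347.prod.iad2.secureserver.net - Port:
587 - Username:
clifford@eximindiacorporation.com - Password:
Admin_123"""

# Hashes listed in the report for SWIFT COPY...exe.
REPORT_HASHES = {
    "md5": "4ffbdef1a2ed50222d02be2bacb1b430",
    "sha1": "413ed0b09c751689bb51c728f4e499f48896c3f8",
    "sha256": "26be424635368b25efdc9591a447642efc1213b8c39331d4e26635989eff0e00",
}

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_config(text: str) -> dict:
    """Split the flattened 'Key: value - Key: value' layout into a dict.

    The separator between fields is an optional '-' with optional whitespace,
    so both 'smtp- Host:' and '587 - Username:' split cleanly.
    """
    flat = " ".join(text.split())                       # collapse the line breaks
    sep = r"\s*-?\s*(" + "|".join(CONFIG_KEYS) + r"):\s*"
    parts = re.split(sep, flat)                         # ['', 'Protocol', 'smtp', 'Host', ...]
    cfg = {k.lower(): v.strip() for k, v in zip(parts[1::2], parts[2::2])}
    cfg["port"] = int(cfg["port"])
    return cfg


def iocs(cfg: dict) -> dict:
    """Indicators to block or hunt for. The password is deliberately left out
    so this dict can be shared without redistributing the credential."""
    return {"c2_host": cfg["host"].lower(),
            "c2_port": cfg["port"],
            "exfil_account": cfg["username"].lower()}


# Constructed egress log lines in a hypothetical '<ts> <src> -> <dst>:<port> <proto>' format.
SAMPLE_LOG = [
    "2021-04-21T10:02:11Z 10.0.0.5 -> 192.0.2.10:443 tcp",
    "2021-04-21T10:02:15Z 10.0.0.5 -> a2plcpnl0347.prod.iad2.secureserver.net:587 tcp",
    "2021-04-21T10:02:20Z 10.0.0.7 -> smtp.office365.com:587 tcp",
]
_DST = re.compile(r"->\s+(\S+):(\d+)\b")


def flag_smtp_exfil(lines, cfg: dict) -> list:
    """Return the log lines whose destination is the config's SMTP host and port.

    Matching on host AND port (not port 587 alone) keeps legitimate mail
    submission, like the office365 line, out of the result.
    """
    want = iocs(cfg)
    hits = []
    for line in lines:
        m = _DST.search(line)
        if m and m.group(1).lower() == want["c2_host"] and int(m.group(2)) == want["c2_port"]:
            hits.append(line)
    return hits


def hashes_match(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm result of comparing a file's bytes against the report's hashes."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest
            for alg, digest in expected.items()}


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(iocs(cfg))
    for hit in flag_smtp_exfil(SAMPLE_LOG, cfg):
        print("exfil candidate:", hit)
    print(hashes_match(b"not the sample"))
```

In a real environment the firewall will usually log the resolved IP rather than the hostname, so pair this with DNS query logs for the host and resolve it at hunt time; the host is a shared hosting mail server, so blocking the IP alone may affect unrelated tenants, which is why the sender address is also recorded as an indicator.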
Targets
Target: SWIFT COPY...exe (size 1.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- AgentTesla: Agent Tesla is a .NET-based (Visual Basic) remote access tool (RAT) and information stealer; this sample exfiltrates over SMTP using the account in the Malware Config above.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence through a CurrentVersion\Run registry value, so the payload restarts at logon)
- Suspicious use of SetThreadContext (commonly seen when a loader injects its payload into another process, as in process hollowing / RunPE)