General
-
Target
Swift Copy.pdf.exe
-
Size
889KB
-
Sample
210511-g1mr7r3qms
-
MD5
dd2eb46743bf230998439673e3deba99
-
SHA1
4871d34e0db77e32f627e74b92e9a9fbdef7a21a
-
SHA256
ab417e35533138c082445ac1997401837c2be3af4527860f3b5c30dcabd325cb
-
SHA512
9ddf626833dc5551ad869214590c23b11e8ca16bc37959608c960f283bfef027b451a8f7fabff9d0678d24cabf2de12a509c8a75e524643cf29faf2a1d275b33
Static task
static1
Behavioral task
behavioral1
Sample
Swift Copy.pdf.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Swift Copy.pdf.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.saudimedlabexpo.com - Port:
587 - Username:
info@saudimedlabexpo.com - Password:
]dTqP-]^T]Pt
Targets
-
-
Target
Swift Copy.pdf.exe
-
Size
889KB
-
MD5
dd2eb46743bf230998439673e3deba99
-
SHA1
4871d34e0db77e32f627e74b92e9a9fbdef7a21a
-
SHA256
ab417e35533138c082445ac1997401837c2be3af4527860f3b5c30dcabd325cb
-
SHA512
9ddf626833dc5551ad869214590c23b11e8ca16bc37959608c960f283bfef027b451a8f7fabff9d0678d24cabf2de12a509c8a75e524643cf29faf2a1d275b33
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-