swift copy.pdf.z

General

Target: swift copy.pdf.z
Size: 504KB
Sample: 210728-xkgn4ka62e
Score: 10/10
MD5: 0ec7f5c7ec4621cb1f629baae946377f
SHA1: 71a2ba24678adb95b368a4c11c86bf00d8da0122
SHA256: 6a61427fa26132640faa4616ef57d8d13785f8f73e2697720e036da63c7acdf3
SHA512: 1a6cfa1e0e1e71e1d14626c0e381ffc771e8cb107c1d1e3db5953b0f7698008d653a5936733d6e793d3af8072d72fe3a44bed97b434ea9cb3ab26263f18b8fab

Malware Config

Extracted

Family: agenttesla
Credentials
  Protocol: smtp
  Host: mail.kenmascs.com
  Port: 587
  Username: info@kenmascs.com
  Password: Kenya254!

Targets

Target: swift copy.pdf.exe
MD5: d18634c6f1eda281e774e901f6ac85fe
Filesize: 742KB
Score: 10/10
SHA1: 7f2b6fd27c28fbcc724bd8cb6e19fa70c5fb27ca
SHA256: e4161228e6d0834d34f12745d57902d9f98a0a6302811b094189a4f9a708a365
SHA512: 8d9c060da8a4f9abf6e4565ebdb7b7f6e264933ea05df26ad48c53b659c6f1c0e93bd0dd4fd7a4cb0994d3f9b1ba7731412767310722d3dd334ebdb4f6a98022

Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • CustAttr .NET packer

    Description: Detects the CustAttr .NET packer in memory.

  • Reads data files stored by FTP clients

    Description: Tries to access configuration files associated with programs like FileZilla.

    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients

    Description: Email clients store some user data on disk, where infostealers often target it.

    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials.

    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext
