General
Target: swift copy.pdf.z
Size: 504KB
Sample: 210728-xkgn4ka62e
MD5: 0ec7f5c7ec4621cb1f629baae946377f
SHA1: 71a2ba24678adb95b368a4c11c86bf00d8da0122
SHA256: 6a61427fa26132640faa4616ef57d8d13785f8f73e2697720e036da63c7acdf3
SHA512: 1a6cfa1e0e1e71e1d14626c0e381ffc771e8cb107c1d1e3db5953b0f7698008d653a5936733d6e793d3af8072d72fe3a44bed97b434ea9cb3ab26263f18b8fab
Static task: static1
Behavioral task: behavioral1
Sample: swift copy.pdf.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: swift copy.pdf.exe
Resource: win10v20210410
The submitted .z archive unpacks to swift copy.pdf.exe, which is what both behavioral tasks execute (Windows 7 and Windows 10 images). The double extension is the lure: with Explorer's default "hide extensions for known file types" setting the file displays as swift copy.pdf.
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.kenmascs.com
Port: 587
Username: [email protected]
Password: Kenya254!
This is the exfiltration channel, not a download URL: Agent Tesla authenticates to the attacker-controlled mailbox with the embedded credentials and mails the harvested data to it over SMTP submission (port 587, normally with STARTTLS). The host, port and account are the indicators to block and hunt for; the credentials are also what lets an analyst confirm the drop mailbox is still live.
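The SMTP configuration above is the indicator set a defender actually works with. As an added example (not part of the sandbox report), the following Python parses the config string in the flattened form the report dumps it, then runs two detection tiers over constructed Sysmon Event ID 3 style network-connection records: an exact match on the extracted host and port, and a behavioural check for SMTP submission (25/465/587) from any process that is not an allow-listed mail client. The log records, IP addresses (TEST-NET-3), process paths and the mail-client allowlist are constructed assumptions; only the config values come from the report.

```python
"""Added example: turn the Agent Tesla SMTP config extracted above into
hunting logic and run it over constructed Sysmon-style network events."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The config exactly as the sandbox dumps it (values from the report; the
# username is shown redacted on the page and is left redacted here).
RAW_CONFIG = (
    "Protocol: smtp- Host: mail.kenmascs.com - Port: 587 - Username: "
    "[email protected] - Password: Kenya254!"
)

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
# Each value runs until the next "- <Field>:" separator or end of string, so a
# value may contain spaces; a value that itself contains " - " would break this.
CONFIG_RE = re.compile(
    r"(%s):\s*(.*?)\s*(?=-\s*(?:%s):|$)" % ("|".join(FIELDS), "|".join(FIELDS))
)


@dataclass(frozen=True)
class SmtpConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> SmtpConfig:
    """Parse the flattened 'Key: value- Key: value' dump into a structured record."""
    fields = {k.lower(): v for k, v in CONFIG_RE.findall(raw)}
    return SmtpConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed Sysmon Event ID 3 (network connection) records, flattened to key=value.
# Paths, IPs and every hostname other than the C2 are made up for this example.
SAMPLE_EVENTS = [
    "EventID=3 Image=C:\\Users\\victim\\AppData\\Roaming\\swift copy.pdf.exe "
    "DestinationHostname=mail.kenmascs.com DestinationIp=203.0.113.10 DestinationPort=587",
    "EventID=3 Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE "
    "DestinationHostname=smtp.office365.com DestinationIp=203.0.113.20 DestinationPort=587",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe "
    "DestinationHostname=update.example.net DestinationIp=203.0.113.30 DestinationPort=443",
    "EventID=3 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\tmp9A3F.exe "
    "DestinationHostname=smtp.example.org DestinationIp=203.0.113.40 DestinationPort=587",
]

SMTP_PORTS = {25, 465, 587}
# Assumption: processes legitimately allowed to speak SMTP; tune for your estate.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}


def parse_event(line: str) -> Dict[str, str]:
    # Split only on whitespace that precedes a 'Key=' token so paths with spaces survive.
    return dict(part.split("=", 1) for part in re.split(r"\s(?=\w+=)", line))


def classify(event: Dict[str, str], cfg: SmtpConfig) -> Optional[str]:
    """Tier 1: exact match on the extracted C2 host and port.
    Tier 2: SMTP submission from a process that is not a known mail client."""
    host = event.get("DestinationHostname", "").lower()
    port = int(event.get("DestinationPort", "0"))
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if host == cfg.host and port == cfg.port:
        return "ioc_match"
    if port in SMTP_PORTS and image not in MAIL_CLIENT_ALLOWLIST:
        return "anomalous_smtp"
    return None


def hunt(lines: List[str], cfg: SmtpConfig) -> List[Tuple[str, str, str, int]]:
    """Return (verdict, image, destination host, port) for every record that fires."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        verdict = classify(ev, cfg)
        if verdict:
            hits.append((verdict, ev["Image"], ev["DestinationHostname"], int(ev["DestinationPort"])))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    for hit in hunt(SAMPLE_EVENTS, cfg):
        print(hit)
```

The exact-match tier is brittle on its own because operators rotate drop mailboxes between builds; the second tier keys on the technique (a non-mail-client process opening an SMTP submission connection), which survives a change of host and password.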
Targets
Target: swift copy.pdf.exe
Size: 742KB
MD5: d18634c6f1eda281e774e901f6ac85fe
SHA1: 7f2b6fd27c28fbcc724bd8cb6e19fa70c5fb27ca
SHA256: e4161228e6d0834d34f12745d57902d9f98a0a6302811b094189a4f9a708a365
SHA512: 8d9c060da8a4f9abf6e4565ebdb7b7f6e264933ea05df26ad48c53b659c6f1c0e93bd0dd4fd7a4cb0994d3f9b1ba7731412767310722d3dd334ebdb4f6a98022
Score: 10/10
Signatures
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It harvests credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates the data over SMTP, FTP or HTTP using a configuration embedded in the binary, which is what the extracted SMTP settings above are.
AgentTesla Payload
CustAttr .NET packer
Detects the CustAttr .NET packer in memory. The packer stores the encrypted payload in custom attributes of the .NET assembly and unpacks it at runtime, so the Agent Tesla code only appears once it has been decrypted in memory.
Suspicious use of SetThreadContext
SetThreadContext is the hand-off step of process hollowing (RunPE): after writing an unpacked payload into a suspended process, the loader points the primary thread's instruction pointer at the payload's entry point and resumes it. Together with the packer detection this is consistent with the packer unpacking and injecting the Agent Tesla payload rather than running it from the original image.