General
Target: Swift copy.exe
Size: 482KB
Sample: 211021-ds37vshge4
MD5: fd3eba12a7152d8db63aabe18cc4dabf
SHA1: 60993033d749b95b89604cb776f5606dbb77fc47
SHA256: 3bd0fd9a08763582606b71a86c2bb4a4fc178559e2ac4e3b9ac999bdc95d65b1
SHA512: d0ccbfbeb6e603984100d002885ef3aff22c1196b7a2819872f9abbe8450c538d6cda6f719be4c42d981df9b48b2b1f670bd828885db32382cb69f2150e15eba
Static task: static1
Behavioral task: behavioral1
Sample: Swift copy.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Swift copy.exe
Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: ken@kengrouco.xyz
Password: Everest10
Targets
Target: Swift copy.exe
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext