General
Target: Swife copy of payment.exe
Size: 512KB
Sample: 211021-p1r1cabbfk
MD5: d63d0f4bdc8b3497aac76a2598c714e3
SHA1: 25694ab970b05b0018dc557ca9a2c82b31394fd5
SHA256: 2cb3f499c692ecb5c2833f84273954d7bf63bbd3ea3d43c8f5e46a1c57da30f8
SHA512: 510999ff7d723855e986e506776045eb70151c0d3713fec4d71e86f64c3413bb624df604a59ff6e7c9d4d12fd2be07e763d8af472e1d3335968661839737d39d
Static task: static1
Behavioral task: behavioral1
Sample: Swife copy of payment.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Swife copy of payment.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: ken@kengrouco.xyz
Password: Everest10
Targets
Target: Swife copy of payment.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext