General
Target: TT swift copy.exe
Size: 568KB
Sample: 211202-hks45sfde7
MD5: 0335051e4313ffe85a082aea05e99220
SHA1: 456db1c86a0298041657086fa50aea8e4a61f805
SHA256: 20eeb51aa83842c159a0bd254fe994a9cc4bfd39a4b9e5135cdd1d7d5610055e
SHA512: b24f903825343a6344f36de795f3f353d22e8f549dafae1d7cc4178c8f5a28fd7c45429f083da70e584d99bcff75bc12c7463c1726a8ced32bb500e69a7b3bc2
Static task: static1
Behavioral task: behavioral1
  Sample: TT swift copy.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: TT swift copy.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.gcsenagency.com
Port: 587
Username: [email protected]
Password: supt@3081#
These are the credentials the sample uses to send harvested data to its operator over SMTP on the mail submission port; treat the host and the mailbox as exfiltration indicators (block and report them), not as victim data.
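As an added example (not part of the sandbox report or of the Triage tooling), the Python below parses the extracted configuration exactly as the report wraps it, turns it into indicators, runs those indicators over a few firewall-style log lines, and checks a local file against all four hashes listed under General. The key=value log format, the log lines and the stand-in sample bytes are constructed here; the redacted username is kept verbatim as it appears above.

```python
"""Turn the report's extracted AgentTesla SMTP config into indicators and
verify a local sample against the report's hashes.

Added example for this page, not part of the sandbox report. CONFIG_TEXT and
REPORT_HASHES are copied from the report; the log lines, the key=value log
format and the sample bytes are constructed for illustration.
"""
import hashlib
import re

# Extracted config exactly as the report flattens it (line breaks included).
CONFIG_TEXT = """Protocol: smtp- Host:
mail.gcsenagency.com - Port:
587 - Username:
[email protected] - Password:
supt@3081#"""

# Hashes the report lists for "TT swift copy.exe".
REPORT_HASHES = {
    "md5": "0335051e4313ffe85a082aea05e99220",
    "sha1": "456db1c86a0298041657086fa50aea8e4a61f805",
    "sha256": "20eeb51aa83842c159a0bd254fe994a9cc4bfd39a4b9e5135cdd1d7d5610055e",
    "sha512": "b24f903825343a6344f36de795f3f353d22e8f549dafae1d7cc4178c8f5a28fd"
              "7c45429f083da70e584d99bcff75bc12c7463c1726a8ced32bb500e69a7b3bc2",
}

# "Key: value - Key: value" fields; a value ends where the next " - Key:" begins.
_FIELD = re.compile(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)")


def parse_agenttesla_config(text):
    """Parse the wrapped 'Key: value - Key: value' text into a dict.

    Keys are lower-cased and Port becomes an int. A redacted username such as
    "[email protected]" is kept verbatim rather than guessed at.
    """
    flat = " ".join(text.split())  # undo the report's line wrapping
    cfg = {key.lower(): value for key, value in _FIELD.findall(flat)}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def config_to_iocs(cfg):
    """Derive what a defender acts on: the exfil server to block/alert on and
    the operator mailbox to report to the provider."""
    return {
        "exfil_protocol": cfg.get("protocol"),
        "exfil_host": cfg.get("host"),
        "exfil_port": cfg.get("port"),
        "exfil_account": cfg.get("username"),
    }


def flag_smtp_exfil(log_lines, iocs):
    """Return the log lines whose destination is the exfil host AND port.

    Expects constructed 'key=value' firewall-style lines; matching on the host
    alone would also flag unrelated traffic (e.g. HTTPS to the same name).
    """
    hits = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if (fields.get("dst_host") == iocs["exfil_host"]
                and fields.get("dst_port") == str(iocs["exfil_port"])):
            hits.append(line)
    return hits


def digests_of(data, algos=tuple(REPORT_HASHES)):
    """Hex digests of `data` for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in algos}


def verify_sample(data, expected=REPORT_HASHES):
    """Compare every listed digest; a re-packed or truncated copy fails all of
    them, a tampered report entry fails only one."""
    got = digests_of(data, tuple(expected))
    return {algo: got[algo] == want.lower() for algo, want in expected.items()}


# Constructed log lines (not from the report); only the second one matches.
SAMPLE_LOGS = [
    "ts=2021-12-02T10:01:05Z src=10.0.0.21 dst_host=outlook.office365.com dst_port=443 proto=tcp",
    "ts=2021-12-02T10:01:09Z src=10.0.0.21 dst_host=mail.gcsenagency.com dst_port=587 proto=tcp",
    "ts=2021-12-02T10:01:12Z src=10.0.0.21 dst_host=mail.gcsenagency.com dst_port=443 proto=tcp",
]

if __name__ == "__main__":
    iocs = config_to_iocs(parse_agenttesla_config(CONFIG_TEXT))
    print(iocs)
    for hit in flag_smtp_exfil(SAMPLE_LOGS, iocs):
        print("possible exfil:", hit)
    # Stand-in bytes; the real sample is not embedded here, so nothing matches.
    print(verify_sample(b"not the real sample"))
```

Run it against the real file by replacing the stand-in bytes with `open(path, "rb").read()`; all four entries should come back True before the sample is treated as the one this report describes.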
Targets
Target: TT swift copy.exe
Signatures
AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests stored credentials and keystrokes and sends them to its operator, here over SMTP using the extracted account.
AgentTesla Payload
Accesses Microsoft Outlook profiles: reads the Outlook profile data in the registry where the mail client keeps account settings and saved credentials, consistent with credential theft.
Suspicious use of SetThreadContext: rewriting another thread's context is how a loader redirects execution into injected or hollowed-out code, consistent with a packer stage handing off to the AgentTesla payload.