General
Target: TT swift copy.exe
Size: 707KB
Sample: 211203-cqp2sagge4
MD5: 66a47771cf6a24772854d24852ef2ded
SHA1: 443260e08c2defea3f8149702ddb1a29d872bb7d
SHA256: 69eb327cfd6a8437a97d9b820c3806593c206c2f4bd7e617e1298313350c7e99
SHA512: e05c42da87827c55b30b1abe003e6cfded104436c645aef5dfdd469fcea155b473590a9d2cec165441945c7b36b66babf7bf46d18a12dde44f0e79011c5f256e
Static task: static1
Behavioral task: behavioral1
  Sample: TT swift copy.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: TT swift copy.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.gcsenagency.com
Port: 587
Username: support@gcsenagency.com
Password: supt@3081#
Targets
Target: TT swift copy.exe
Size: 707KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext