General
-
Target
Swift advice.zip
-
Size
451KB
-
Sample
211203-tj1y5shaaq
-
MD5
00bf9b6dc2c5509e2b85fd6638fcbf2d
-
SHA1
d56da1f3a5f5f10cc487024f7d15274fd62cbc76
-
SHA256
3461be179834fdf1b7271efa9b53e659fdbbda0360cb7a6afc3feae6d113062e
-
SHA512
d7756a7440460d74456e14b6e7b639ef0c8c5409a12cdd7a721860c4e54874b94e779c31266815fb2ee55db58ecad2143b53c290c4e07f91d86cc6a2db039e0e
Static task
static1
Behavioral task
behavioral1
Sample
Swift advice.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
Swift advice.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ananthasuites.com
Port: 587
Username: [email protected]
Password: Anantha225@#
Targets
-
Target
Swift advice.exe
-
Size
554KB
-
MD5
806b37f909371d495e99e3e8ed226db7
-
SHA1
88bee8748a329ba78d63f435b5d17b6a03dcaf12
-
SHA256
52ed6cb16a2e40d034aaa76324718eadced0ec69c9b0cf96200d37c3a80e664e
-
SHA512
f67fc8fa2930bf777292d3fbd959d78aac0ffe526b342c407f712fd8d6c01eba63ae3e4323770c9a4f0daccdc06f449842fac134f951bd42c4764908de703a6f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-