General
Target: TT swift copy.zip
Size: 461KB
Sample: 211203-ttpnvscab2
MD5: f4c20b54f09d98e83be75a927929b06c
SHA1: fb3910319edcb61e0347f26aa5b71895d505ee4b
SHA256: bf7a5b3e10b1a411a96b204eefc5b3af8365f6e8adb2bd4789e245de0b86f835
SHA512: 2550ed1ed42dd64159f563b7df6c0f442a6f52c611c0634d969390a352ec9de5b50d33c0f34c46f8abb04cfca90c2d4566addb1842ac2afd5a3cb4bcc2e2752a
Static task: static1

Behavioral task: behavioral1
Sample: TT swift copy.exe
Resource: win7-en-20211104

Behavioral task: behavioral2
Sample: TT swift copy.exe
Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.gcsenagency.com
Port: 587
Username: [email protected]
Password: supt@3081#
Targets
Target: TT swift copy.exe
Size: 707KB
MD5: 66a47771cf6a24772854d24852ef2ded
SHA1: 443260e08c2defea3f8149702ddb1a29d872bb7d
SHA256: 69eb327cfd6a8437a97d9b820c3806593c206c2f4bd7e617e1298313350c7e99
SHA512: e05c42da87827c55b30b1abe003e6cfded104436c645aef5dfdd469fcea155b473590a9d2cec165441945c7b36b66babf7bf46d18a12dde44f0e79011c5f256e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext