General
- Target: 7ce5a8071d7c45dc7572fa4d7334d4d4bca1141adca67e3ce2418ffb66f03d44
- Size: 532KB
- Sample: 220521-ake9aadcdl
- MD5: 5ef67ee2f2c6b90f6e6e6b65d2dfd2b4
- SHA1: 9e88290c8a97a8e22d49b42f3c5f8d4d2c41c6ba
- SHA256: 7ce5a8071d7c45dc7572fa4d7334d4d4bca1141adca67e3ce2418ffb66f03d44
- SHA512: 6187f0f9805be05ed86c0b51bf21371048aaba8791d0dfb2ab68c21566d3993e453337cdbf0b516cc09222ac0d715f9d8fd6908e3313cfab762de04d5404c2f6
Static task
- static1
Behavioral task
- behavioral1
  - Sample: swift_copy3454.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: swift_copy3454.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: killdemall007
Targets
- Target: swift_copy3454.exe
- Size: 630KB
- MD5: 4c657846ed40a1667371a91c1d687738
- SHA1: 2c4f2e14d341d08ccb1e463398eca58d4a099c6d
- SHA256: 75c29457b31b7fe65d41954b49ab9a57120fe096d923332237e8dd5a43e70164
- SHA512: 695146c5282d1ed8af299bcc9dd0ddc2642e579c87ede549fc50931c6086105e54db3d809980d98cecb40033116fb6039c68aa57eec11845026abf8f1c2129fa
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext