General
-
Target
6636069de87428b1b27fa6863952eb2a88608ddb5b298701751724143df482b2
-
Size
432KB
-
Sample
220521-btfrvacdh6
-
MD5
12055ec988517123061f9ab6cd79c33a
-
SHA1
76b6dda58335a790d46e644d11b6c517dc1efcfe
-
SHA256
6636069de87428b1b27fa6863952eb2a88608ddb5b298701751724143df482b2
-
SHA512
30345afce574cb4e7acf2bce3dc8f4c1401d5562f803138296d0f2eed1b5ac9635e05dbb47c3a6a4fb06560922a0f2100afbe913960ce19c344be1dd9ebf89ca
Static task
static1
Behavioral task
behavioral1
Sample
Swift Copy.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Swift Copy.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pptoursperu.com - Port:
587 - Username:
[email protected] - Password:
mailppt2019-
Targets
-
-
Target
Swift Copy.exe
-
Size
503KB
-
MD5
561978ce5c5027ddd74ab9958c89569e
-
SHA1
dbf352dd70a714e9f1f0b03832c0eca8eab17754
-
SHA256
34604c450edccb519e89347afd87707ca455038abfc2cc0e5b2919a4a677f93c
-
SHA512
b262294b164202685a9a6cf4b829bc2e2db820a254315bc1386e080c3617212673300d93a076ccef1d28c5e2ff5769c2d46eb1296a731e7edfaaaad0f6f14ca3
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-