General
Target: 9bb020187ac139f02d3cc3666e8562ef2cd29f11f5d1a1fe2c6b532046f687aa
Size: 320KB
Sample: 220521-cxtnjshgaj
MD5: 40811ddf456d68875962b5464bb8910b
SHA1: 1406dfcf75cae5a7c5623186bfe3fd7024f6d7ba
SHA256: 9bb020187ac139f02d3cc3666e8562ef2cd29f11f5d1a1fe2c6b532046f687aa
SHA512: 947ef6a6688707da7982ed5f1bf2fdce0537e5e72e4daa7deff3221f80f01af3322bf0b1b5c2d99e24d1774bde50bd2262bfa0657f697fc001bc8a3c37e7c569
Static task: static1
Behavioral task: behavioral1
Sample: Swift.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Swift.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: js}$_IlwF1q4
Targets
Target: Swift.exe
Size: 385KB
MD5: 5a4e899e1f72d8036da67d3840d24a89
SHA1: 138d2f78425306696c78f22d4ee83323f6af7a10
SHA256: 3080bf75b34e9b440154d8f35f7e8c5bd111995869118a093f81b56583f7c03b
SHA512: 9bd07135e613239c980418e703e4655a6239119dea0373188b0e6847dfe0e034726e1c3274aabe1cda5d855857dd9da08e8614b379fd4de0ab0728c16a270d45
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext