General
Target: b297ef7267a2cb1143bbdeaffd48489afd9a9a7a0ea71f54f1f16b7679e9efab
Size: 421KB
Sample: 220521-n1l9esede8
MD5: 6d3a36f36192c21d8996a5c404533a87
SHA1: 1097119d99e96a6c079986fdc56399b1cf7f5923
SHA256: b297ef7267a2cb1143bbdeaffd48489afd9a9a7a0ea71f54f1f16b7679e9efab
SHA512: cc9171acf78eb60de8706417f38df543f6b33a66c197baa3b843949c6a67a5a3282968f85584d557f87a48849c9f3b287e5ed6052f2f389affbc77e2512a6790
Static task: static1
Behavioral task: behavioral1
  Sample: Swift copy.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Swift copy.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: ogb.oils@yandex.com
Password: Simple262627
Targets
Target: Swift copy.exe
Size: 768KB
MD5: ca08439c060f254e069da657befddbb8
SHA1: a5c5e24771ff19dceb24c98738d4a96a89a09ceb
SHA256: a9745e8d252f9c77ae5e4fae3f650e680956eea8d9d1c578a854499a0edadef9
SHA512: bf4c3f3c50387f24f33a0288173d2f810730d9cd54da2010aea65183306d0d2311553a27ac9218c422f74e817995831fcddbc84dda00bfa5bb6c74bbe6ab84c7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext