General

  • Target

    b297ef7267a2cb1143bbdeaffd48489afd9a9a7a0ea71f54f1f16b7679e9efab

  • Size

    421KB

  • Sample

    220521-n1l9esede8

  • MD5

    6d3a36f36192c21d8996a5c404533a87

  • SHA1

    1097119d99e96a6c079986fdc56399b1cf7f5923

  • SHA256

    b297ef7267a2cb1143bbdeaffd48489afd9a9a7a0ea71f54f1f16b7679e9efab

  • SHA512

    cc9171acf78eb60de8706417f38df543f6b33a66c197baa3b843949c6a67a5a3282968f85584d557f87a48849c9f3b287e5ed6052f2f389affbc77e2512a6790

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    ogb.oils@yandex.com
  • Password:
    Simple262627

Targets

    • Target

      Swift copy.exe

    • Size

      768KB

    • MD5

      ca08439c060f254e069da657befddbb8

    • SHA1

      a5c5e24771ff19dceb24c98738d4a96a89a09ceb

    • SHA256

      a9745e8d252f9c77ae5e4fae3f650e680956eea8d9d1c578a854499a0edadef9

    • SHA512

      bf4c3f3c50387f24f33a0288173d2f810730d9cd54da2010aea65183306d0d2311553a27ac9218c422f74e817995831fcddbc84dda00bfa5bb6c74bbe6ab84c7

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access
    Credentials in Files (T1081): 3
  • Collection
    Data from Local System (T1005): 3
    Email Collection (T1114): 1

Tasks