General
Target: ac80141208e2e1f589df290c82c3bd6cb5e3eb2140795ba5aead57af36d12f15
Size: 576KB
Sample: 220521-nblllagecp
MD5: 582a822eeb8469d3f073834d607ec5a6
SHA1: 9ba47c36fd83e3def166a21f0f7d549e65251eb9
SHA256: ac80141208e2e1f589df290c82c3bd6cb5e3eb2140795ba5aead57af36d12f15
SHA512: 671ae8bea15d3fa778e12bc64a6b6a15b002d4f9df3ae4e2760f584d789751eb053c155ba43593854d52349ef11419b04387f9814fbb5cce4e066b9ba907a480
Static task: static1
Behavioral task: behavioral1
Sample: Swift copy.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Swift copy.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dicera.com
Port: 587
Username: SalestoEurope@dicera.com
Password: 796147
Targets
Target: Swift copy.exe
Size: 754KB
MD5: 07c4b11a9ae9fa3e3aaf32d4573ed3d0
SHA1: 10cc46bddfba53ee47579252672470f84a3e3853
SHA256: ac91a92482a83fc39b66e0e3f6c46839fd77d16316c38830a9921ca707e824af
SHA512: 92cbfe7748ec29b1ee860a4e7fbfa9385b37b91ca5771cd1e92884c9085f8882f6d14805b4cd8c4daeb975b3c518a9ada92419b91b5f3ea5e0047d135ff1e461
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext