General
Target: a7b896518c2fdbf9d11705a3bd40498ad8bcce14628cbd53d0f6573e7eb4d5e1
Size: 401KB
Sample: 220521-ncybsadea7
MD5: 8296a56567646890563ea91a7819d74a
SHA1: 5cb8900dd0015ea908f6ecc17e4251a1fdfe86fd
SHA256: a7b896518c2fdbf9d11705a3bd40498ad8bcce14628cbd53d0f6573e7eb4d5e1
SHA512: 379d5755125c2ef13ef2e7141ad0d8ae7a8cd554e48107f1ce95e9d87598752d2498cb089ca717bf2299beb7c991a74f6040bce6a62a8f44f23b4542a71782fd
Static task: static1
Behavioral task: behavioral1
  Sample: Swift-Copy.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Swift-Copy.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: chukwudi123
Extracted
  Family: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: chukwudi123
Targets
Target: Swift-Copy.exe
Size: 453KB
MD5: 0143475673f7d2c7cf67f572d2ea0a85
SHA1: 2e0b4d086f790c4a6a82c272959e8e03edb1e81e
SHA256: e41919d249e5accf006955d7b4a67f55ec3fcedd66283b25f9a220af94248150
SHA512: e18aa330682468d7251888a925d20f60bc13fae7c9b3c6b1b53989451d44aa7f3c6857dd9a1a62f4d892e41794ee0ddb8b09c988a30b0c1836f6fcaff3ece646
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext