General
-
Target
e53ebaf3d6439c81a040d91a045da2c581e1e421e1b54b9a21ec3f8478fdc35e
-
Size
565KB
-
Sample
220521-nyyjnshdhj
-
MD5
711c4df280a8f4a08c0698a60091a697
-
SHA1
f50ada7fbb26678635dfaf15af7340f71bb647fd
-
SHA256
e53ebaf3d6439c81a040d91a045da2c581e1e421e1b54b9a21ec3f8478fdc35e
-
SHA512
9df99fe0e5a411248aacd9f2efada553428ab2102ccc47e889fddab296017faf64bb6238d049bd94a3d6531c7f40a54071b7715deb7774b9f7ee31f2e68ed355
Static task
static1
Behavioral task
behavioral1
Sample
Swift copy.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Swift copy.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.shreesationline.in
Port: 587
Username: hotels@shreesationline.in
Password: H@)S13@#
Targets
-
Target
Swift copy.exe
-
Size
603KB
-
MD5
e61d13d768b6cee71b90f986b8f3f557
-
SHA1
552dbc10a4d550cce7fb9c2d51ff7c18ae3205b2
-
SHA256
3d41242fab4a117631ff58106c78b5e788b67aadaada932f9cd7e7bf54dfbea8
-
SHA512
a0d822d9628385bbae41bec17f9de0f1afa7100b6f0b671b25b2fbcb3555079a7773f826219602369741aedb7acb2df2b2f30e455a0303ae7456daa6242e46cd
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-