General
- Target: Swift Copy.exe
- Size: 663KB
- Sample: 220706-fet35shaam
- MD5: 7aa98421090beffa073c2f070e29723a
- SHA1: 0b3bd0fabbc666c8c7909dfab7ed2341341c1ba5
- SHA256: 76ae629f574135613605c2f23ab6fa75e7169ee791a17db008bba683292b0312
- SHA512: b31f032b1492d6c7fa32d8536a9d95a686b5c40cd8bd99281a9d1eb2cb3f25ce50a9dd87e5d3a7b4d627fbdcd3a02b5baa516f4cfd14fe2d2899972b94e0b74a

Static task: static1

Behavioral task: behavioral1
- Sample: Swift Copy.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: Swift Copy.exe
- Resource: win10-20220414-en
Malware Config

Extracted
- Protocol: smtp
- Host: webmail.99pancakes.in
- Port: 587
- Username: hr@99pancakes.in
- Password: dfjhsru4798

Extracted (family: agenttesla)
- Protocol: smtp
- Host: webmail.99pancakes.in
- Port: 587
- Username: hr@99pancakes.in
- Password: dfjhsru4798
- Email To: mestar@vivaldi.net
Targets

Target: Swift Copy.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext