General
- Target: 430b6c5f31a43d35674c8f627bbd14dbf970cbf961119386da4d9fddfc7ca678
- Size: 379KB
- Sample: 220708-aepwjabfd5
- MD5: 467a76dfe283886992048e4a29438667
- SHA1: 415976ebab3288e80e8f04be0da6957628f2900d
- SHA256: 430b6c5f31a43d35674c8f627bbd14dbf970cbf961119386da4d9fddfc7ca678
- SHA512: 885e3bf44c329eb38f18084723225532cb682bc19378e754acaac0693a3e9c70380e116970900863e4e1712efdcf057b5f5fb048b09af49df61548ba946c6181
Static task: static1
Behavioral task: behavioral1
- Sample: Swift Copy.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Swift Copy.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: janet_maldonado@taiemerica.com
- Password: JuCbr%o3
Targets
- Target: Swift Copy.exe
- Size: 461KB
- MD5: 7c4e3e90c83dc1ce60a34ca9a1cb5fbd
- SHA1: 45cd96b6273430c6540fd51b811d46c1ca192d2e
- SHA256: 0fabbaf7f8ad7af3888aa77b2e376db74390064ea8eea0c54fee59fdc2cd54c8
- SHA512: c79b983f7d84be227f6741bbe0b2cc73bcdb800528d898e52c4030a468c980a5b46a7c01c16a9bf7d78fd855a7982d525c562a04e5cc7804e0abdd585e700523
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext