General
- Target: Swift Copy_394349.img
- Size: 60KB
- Sample: 221101-nnf7msbdh5
- MD5: 3cb7995eac2995c7a7221f6defc211f8
- SHA1: 62e6dc51c147327079f7ce1ec74be0b97af6be14
- SHA256: 1f72d62d0dc796897349974073d06f75278fd9824a83e78792ef598e7345af70
- SHA512: 6b786d1571b07b5dfd5a11931fb3f0b2ee373759374567dc1c2d79d62207d2764067b36fcad3f14a20cfd5e86beead0774862ead82a019f5aaea91ba99414d49
- SSDEEP: 192:E4X1w+zIHTL5OIU3/N38stYcFmVc03KY:E4XdczL5OIe3ptYcFmVc03K
Static task: static1

Behavioral task: behavioral1
- Sample: Swift Copy_394349.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: Swift Copy_394349.exe
- Resource: win10v2004-20220812-en
Malware Config

Targets
- Target: Swift Copy_394349.exe
- Size: 9KB
- MD5: 468ae9ce007c37bddd12ca164b0e5755
- SHA1: 9fa75e7e6ad0146ca02962e94b3003bbb9f27525
- SHA256: a896f8c6f032d59af2c92b4ce005b141b8cd396dcb1a527ce5b8b04929004471
- SHA512: 5779a4c0a0d01118945c06556d1473fc756ebb10e1402c0562d50b86ccd9d20c6048c04eb33f98392d8ca33aed5915c09e5201a1e1ca5ff5f853dadb651d684a
- SSDEEP: 192:l4X1w+zIHTL5OIU3/N38stYcFmVc03KY:l4XdczL5OIe3ptYcFmVc03K
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext