General

  • Target

    Swift_Copy.zip

  • Size

    308KB

  • Sample

    230516-ljsnrscb79

  • MD5

    7ff540eb44a0eadcd715858644a500c0

  • SHA1

    6db1a0796c1d9879299b2d261ca2c7de926a12b4

  • SHA256

    7ddacf946c3de29255d826fbce407672c991285e15bf4a0e33f28561847b7d6f

  • SHA512

    1554cd6d0ebe916d87b1d0fb00edab802f080abd55f2fc2c875eb3b5c68993a613498ca9562a45d1313bf776075315ee7e1e027c9689c9882d7f890010976b28

  • SSDEEP

    6144:urxP0YmmfZmDH1lAbYL6oVrCeFseUEorIgYLB8zh2kOw3xFhO5eLevNsWrl1b4dy:uVPVZoGbOMBeBge8/hF1CvNdrl1b4g

Malware Config

Extracted

Family

agenttesla

Extracted Credentials

  • Protocol:
    smtp
  • Host:
    mail.thereccorp.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    O@123456

Targets

    • Target

      Swift_Copy.exe

    • Size

      436KB

    • MD5

      a3cda996e2b93785deeac0dae2f6cbe6

    • SHA1

      218d5c95f0ac830408a7a9c3c5bc5328768ba05c

    • SHA256

      86db57c0bc187639ab985ffa4dd383a2704273aada862ff21b62de85c6f88748

    • SHA512

      b30bc0a47154e46b4f607711bc131146628fab61b0754301e2443f3575db3fdf4a1255117af2c0a5cb59e855713ffc389993f87f423805bd1d457987eb480c8d

    • SSDEEP

      6144:FCvZQF2uFxbIBMPryJc3Nz7jCbT3Cdeh2kPYjj1XzVB8PQqZ:FCuFfbNyq3NzXCvCdMCN

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
