General

  • Target

    b592d3a9de45a745dbccb974e0bdde0d

  • Size

    410KB

  • Sample

    231011-np5avsec26

  • MD5

    b592d3a9de45a745dbccb974e0bdde0d

  • SHA1

    f9b86b799145fae5e9ca5ab2024067de0fe9bf36

  • SHA256

    de76332877d4eda402034457ac3aed72ef994ddcede36a4388b7f9378067c791

  • SHA512

    c24654b7fd2237a39d7e061dab1925b209090cf35d4fcdf0f0d24d8498793c5cebeb25a2f205afb8dc018f39a64ab3e3ceff337a0523978f4f647602c5322525

  • SSDEEP

    12288:J4s4BsDX55xLV+Dk7f+99W2q9IaIF/cnXuz:eu/V+DM+jNcnXY

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      swift Copy.exe

    • Size

      506KB

    • MD5

      7e6698e0d5ebc6fd5dff5c31a4af1ccf

    • SHA1

      af219f931555d2c14814df40f09c22e723934952

    • SHA256

      7c6290e3655029c44efe34d131645a716c892194cbe501514927d90350fee4f7

    • SHA512

      153f4890ecbd0d877f052971866d7c31fa9f7452c3e8a49a54e9f703ac8e0b06f51dbc52ca139d271b4855957b039547d016a37ba57401b242d72c6aba3f2639

    • SSDEEP

      12288:lqY4c2x4HIyUB8wGY1wLVCWk7LNCgQfcpT63ZMbcWw:hAOoeLwxChcpQO

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks