General

  • Target

    SWIFT COPY.exe

  • Size

    1.0MB

  • Sample

    231205-h4z2sshg3z

  • MD5

    d7a5e6cf0c7f0937d74f25ad55b89bfa

  • SHA1

    a9eaeb41ac609c8720e0f5c5e9d7c43fd9388876

  • SHA256

    94e790b64206a78f0a30e4fe686559010744a1596679e7daeb8c3325ff346bbe

  • SHA512

    e32e76af4af359654b365f7ede6896924e5d6dc77f73f3376d8238043d6031ec63425dddc0898471a2d36ca947c302c784f4fd1c50e3cd6a660ec71a8d467a63

  • SSDEEP

    24576:ZG6s3KSpszXe/e88e+wYm9I4uKe/lEpY:QV3KrXWvCwYqf
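
Before trusting a local copy of SWIFT COPY.exe as the sample this report describes, compare every published digest, not just one. The following Python is an added example (not part of the sandbox output): the hash values are copied from the report above, while the bytes hashed in the demo are a constructed stand-in because the binary itself is not on this page.

```python
"""Check a retrieved file against the digests published in this report."""
import hashlib
import sys

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "d7a5e6cf0c7f0937d74f25ad55b89bfa",
    "sha1": "a9eaeb41ac609c8720e0f5c5e9d7c43fd9388876",
    "sha256": "94e790b64206a78f0a30e4fe686559010744a1596679e7daeb8c3325ff346bbe",
    "sha512": "e32e76af4af359654b365f7ede6896924e5d6dc77f73f3376d8238043d6031ec"
              "63425dddc0898471a2d36ca947c302c784f4fd1c50e3cd6a660ec71a8d467a63",
}


def digests(data: bytes) -> dict:
    """Compute every algorithm the report lists (SSDEEP needs a non-stdlib lib)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def match_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm verdict, so a partial agreement (e.g. MD5 only) stands out."""
    got = digests(data)
    return {name: got[name] == expected[name].lower() for name in expected}


def is_reported_sample(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only when all digests agree; anything less is a different file."""
    return all(match_report(data, expected).values())


def verify_file(path: str, expected: dict = REPORT_HASHES) -> dict:
    with open(path, "rb") as fh:
        return match_report(fh.read(), expected)


if __name__ == "__main__":
    # Constructed stand-in bytes; they will (correctly) match nothing.
    demo = b"constructed placeholder, not the real SWIFT COPY.exe"
    target = sys.argv[1] if len(sys.argv) > 1 else None
    verdicts = verify_file(target) if target else match_report(demo)
    for algo, ok in verdicts.items():
        print(f"{algo:6s} {'MATCH' if ok else 'differs'}")
```

Run it as `python check.py "SWIFT COPY.exe"`; the per-algorithm output makes a repacked or truncated copy obvious even when the MD5 happens to be the one value someone pasted into a ticket.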

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SWIFT COPY.exe

    • Size

      1.0MB

    • MD5

      d7a5e6cf0c7f0937d74f25ad55b89bfa

    • SHA1

      a9eaeb41ac609c8720e0f5c5e9d7c43fd9388876

    • SHA256

      94e790b64206a78f0a30e4fe686559010744a1596679e7daeb8c3325ff346bbe

    • SHA512

      e32e76af4af359654b365f7ede6896924e5d6dc77f73f3376d8238043d6031ec63425dddc0898471a2d36ca947c302c784f4fd1c50e3cd6a660ec71a8d467a63

    • SSDEEP

      24576:ZG6s3KSpszXe/e88e+wYm9I4uKe/lEpY:QV3KrXWvCwYqf

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them, typically over SMTP, FTP or HTTP, which is why the extracted configuration above is a credentials block.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence so the sample does not run in certain regions.

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup web service to learn the infected system's external IP address; stealers commonly include this in the victim profile they exfiltrate, and the request is a usable network indicator even though the destination itself is benign.

    • Suspicious use of SetThreadContext

      Redirects the execution context of a thread in another process. Together with CreateProcess(CREATE_SUSPENDED), WriteProcessMemory and ResumeThread this is the classic process-hollowing sequence by which a packed .NET loader runs its decrypted payload inside a legitimate host process.
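
The three behaviours above are exactly the kind of thing a detection rule can match in an API trace. The following Python is an added example, not part of the sandbox output: it parses a constructed key=value event log (invented here, not the sandbox's real format) and flags an external-IP lookup, a registry country-code read and a suspended-process / WriteProcessMemory / SetThreadContext / ResumeThread hollowing sequence. The lookup-host list and the `Control Panel\International\Geo` registry path are assumptions chosen for illustration.

```python
"""Behavioural triage over a constructed API/network event trace."""
import re

# Public IP-echo services that stealers commonly query (assumed, illustrative list).
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
    "ip-api.com", "ifconfig.me", "checkip.amazonaws.com",
}
# Registry path fragment holding the configured country (assumed for the geofence check).
GEO_KEY_FRAGMENT = r"\control panel\international\geo"
CREATE_SUSPENDED = 0x4  # CreateProcess creation flag
HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace (one event per line); pids, sizes and paths are made up.
SAMPLE_TRACE = """\
pid=4120 api=RegOpenKeyExW key="HKCU\\Control Panel\\International\\Geo"
pid=4120 api=RegQueryValueExW key="HKCU\\Control Panel\\International\\Geo" value="Nation"
pid=4120 api=CreateProcessW image="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe" flags=0x4 newpid=4388
pid=4120 api=NtUnmapViewOfSection target=4388
pid=4120 api=WriteProcessMemory target=4388 size=0x9c000
pid=4120 api=SetThreadContext target=4388
pid=4120 api=ResumeThread target=4388
pid=4388 api=InternetOpenUrlW url="http://checkip.dyndns.org/"
pid=4388 api=InternetOpenUrlW url="http://api.ipify.org/"
pid=4388 api=send host="mail.example.test" port=587
"""

TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_trace(text: str) -> list:
    """Turn key=value lines into dicts; quoted values lose their quotes."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = {k: v.strip('"') for k, v in TOKEN_RE.findall(line)}
            ev["pid"] = int(ev["pid"])
            events.append(ev)
    return events


def host_of(url: str) -> str:
    m = re.match(r"[a-z]+://([^/:]+)", url)
    return m.group(1).lower() if m else ""


def detect_ip_lookup(events: list) -> list:
    """(pid, host) for every connection to a known IP-echo service."""
    hits = []
    for ev in events:
        host = host_of(ev.get("url", "")) or ev.get("host", "").lower()
        if host in IP_LOOKUP_HOSTS:
            hits.append((ev["pid"], host))
    return hits


def detect_geo_check(events: list) -> list:
    """(pid, key) for registry value reads under the locale/Geo key."""
    return [(ev["pid"], ev["key"]) for ev in events
            if ev.get("api", "").startswith("RegQueryValue")
            and GEO_KEY_FRAGMENT in ev.get("key", "").lower()]


def detect_hollowing(events: list) -> list:
    """Target pids created suspended, then written, retargeted and resumed in order."""
    progress = {}   # target pid -> index of the next expected step
    confirmed = []
    for ev in events:
        api = ev.get("api", "")
        if api.startswith("CreateProcess") and int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
            progress[int(ev["newpid"])] = 0
        elif api in HOLLOW_STEPS:
            target = int(ev.get("target", 0))
            if target in progress and HOLLOW_STEPS[progress[target]] == api:
                progress[target] += 1
                if progress[target] == len(HOLLOW_STEPS):
                    confirmed.append(target)
                    del progress[target]
    return confirmed


def triage(trace_text: str) -> list:
    """Signature names in the same wording as the report's Targets section."""
    events = parse_trace(trace_text)
    findings = []
    if detect_geo_check(events):
        findings.append("Checks computer location settings")
    if detect_ip_lookup(events):
        findings.append("Looks up external IP address via web service")
    if detect_hollowing(events):
        findings.append("Suspicious use of SetThreadContext")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print("[+]", finding)
```

The hollowing detector is deliberately order-sensitive: a WriteProcessMemory into a process that was not created suspended, or a SetThreadContext without a following ResumeThread, does not fire, which keeps debuggers and legitimate installers from tripping it.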

MITRE ATT&CK Enterprise v15

Tasks