General
Target: SWIFT COPY.exe
Size: 1.0MB
Sample: 231205-h4z2sshg3z
MD5: d7a5e6cf0c7f0937d74f25ad55b89bfa
SHA1: a9eaeb41ac609c8720e0f5c5e9d7c43fd9388876
SHA256: 94e790b64206a78f0a30e4fe686559010744a1596679e7daeb8c3325ff346bbe
SHA512: e32e76af4af359654b365f7ede6896924e5d6dc77f73f3376d8238043d6031ec63425dddc0898471a2d36ca947c302c784f4fd1c50e3cd6a660ec71a8d467a63
SSDEEP: 24576:ZG6s3KSpszXe/e88e+wYm9I4uKe/lEpY:QV3KrXWvCwYqf
Static task
static1
Behavioral task
behavioral1
Sample: SWIFT COPY.exe
Resource: win7-20231025-en
Behavioral task
behavioral2
Sample: SWIFT COPY.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: premium184.web-hosting.com
Port: 587
Username: [email protected]
Password: ^HPUm$4%eL~b
Email To: [email protected]
Targets
Target: SWIFT COPY.exe
Size: 1.0MB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext