General
-
Target
2bdf9487adb8a6f4d86f0c8cf3c5c5a7_JaffaCakes118
-
Size
394KB
-
Sample
240329-y3qdzahf29
-
MD5
2bdf9487adb8a6f4d86f0c8cf3c5c5a7
-
SHA1
75d93cb1b86e0a0d53fc08446eb46de4939b5d30
-
SHA256
e13afdd0fd1fb07099a8caa32bdba8c0d15ab2b5ad40f9bee89d88556e60bf34
-
SHA512
88fb6458bf2f345c57f53c479c136f6a28940b0a7fa6e7ebc2ba92f5eb2fa39062ea4937fea00f8bf7b2687a25e38440ed644e0dc4dd7453a986afce6b371011
-
SSDEEP
6144:kC8RXHAdGX0/mpvmDocHoW9aEsoawAMNAxlIxNff6/QO4p1Vzcza:N8e4nmaNwlNAg/6/QO4Rzp
Static task
static1
Behavioral task
behavioral1
Sample
Swift copy.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Swift copy.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: sg2plcpnl0023.prod.sin2.secureserver.net
Port: 587
Username: [email protected]
Password: User@40378
Targets
-
Target
Swift copy.exe
-
Size
523KB
-
MD5
e72cfc505a04738c223b68891648a3a6
-
SHA1
83e41cc20431e1a4a09e8bf1a851327fc5dd417a
-
SHA256
4fb5377736624d79dfce363b511b8ea682556789140aa24a7045553eb237bc05
-
SHA512
d4beee29bf68ec475d062e324f43ea07ea4e0faa65b87c009dcaafc4cc4faa0ae8f83684d593b01292f47a9f9602522e0b622783c41630d6996f9c42a29b7ef9
-
SSDEEP
12288:o00OwNpAv3D9PaV+yfsipEvVewzzzT6OHLzeXSBU1V:elFEdeQzljBU3
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext