General

  • Target

    Swift Copy - 2209128.scr.exe

  • Size

    738KB

  • Sample

    240912-apgb5s1fqd

  • MD5

    7ee0dd1050cb0400d6723bab54e7e8a8

  • SHA1

    6850fd22a2e19488ec67c26a5d23f940bafda503

  • SHA256

    cc7ca4eb1a90642066ef9697165ceb0a12cb5b8498a198cbed5524cab5974e74

  • SHA512

    a207290b41e14f2585c6cde57065e6ea636b28772632b3f1e5c6928b30cfb1f8fe5c19f62e470e674261f11920beaca55c5d561e1c53bf9d1bc76ac319b09c81

  • SSDEEP

    12288:puCiYvsrIBuq55QDJQ+sb0nzEUZCbijw34RRUAmbYgeNpt7FvFHgZy:oCHUrhDQgGbqi4jObY7Npbv5gZ

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Swift Copy - 2209128.scr.exe

    • Size

      738KB

    • MD5

      7ee0dd1050cb0400d6723bab54e7e8a8

    • SHA1

      6850fd22a2e19488ec67c26a5d23f940bafda503

    • SHA256

      cc7ca4eb1a90642066ef9697165ceb0a12cb5b8498a198cbed5524cab5974e74

    • SHA512

      a207290b41e14f2585c6cde57065e6ea636b28772632b3f1e5c6928b30cfb1f8fe5c19f62e470e674261f11920beaca55c5d561e1c53bf9d1bc76ac319b09c81

    • SSDEEP

      12288:puCiYvsrIBuq55QDJQ+sb0nzEUZCbijw34RRUAmbYgeNpt7FvFHgZy:oCHUrhDQgGbqi4jObY7Npbv5gZ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks