General
Target: Swift Copy 000293940040005959500000599505000.exe
Size: 385KB
Sample: 241115-p4yx3axrek
MD5: be9db428810324405b74f69d0c33b532
SHA1: 4eae2c3c5793ac8b407a648db3434833d9877e4f
SHA256: cb91f601dfceef4ca12ce24f80ac1e55ab5fc5cc8dcfacefa02120241d429ae6
SHA512: ad02acbf7093bde2e36676670e3ff99562d88a3f8fa6f30bde6d7f0a43d888e5a1ff7d9a359dbbac7a60387bdde0dbecfe73f65a7c5817cb51f7bcc3aa81d0ad
SSDEEP: 6144:oV13JYAlkOFRH3D4i/awYYsQ2Ucu4zvgwgp2fdpWYvjEWjTj6F1gZ4sk:ojmAvMVYs35/3CMpWov+J
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: Swift Copy 000293940040005959500000599505000.exe; resource: win7-20240903-en)
Behavioral task: behavioral2 (sample: Swift Copy 000293940040005959500000599505000.exe; resource: win10v2004-20241007-en)
Behavioral task: behavioral3 (sample: Swift Copy 000293940040005959500000599505000.exe; resource: win10ltsc2021-20241023-en)
Malware Config
Extracted (agenttesla)
Protocol: ftp
Host: ftp://ftp.concaribe.com
Port: 21
Username: [email protected]
Password: ro}UWgz#!38E
Extracted
Protocol: ftp
Host: ftp.concaribe.com
Port: 21
Username: [email protected]
Password: ro}UWgz#!38E
Targets
Target: Swift Copy 000293940040005959500000599505000.exe
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext