General
-
Target
swift advice Ref[GLV501756103].exe
-
Size
499KB
-
Sample
200731-cp12j3xkxn
-
MD5
3c29248e3d6885fdbc7918485def416b
-
SHA1
d519b85de73a25025bc3fe0b89178a320feb38f8
-
SHA256
74f0abd5013240cc7c7907544e081c7331c278356e5a0d7a9f5add4105734611
-
SHA512
2ddf3ad3e75d9cd114e60eb0e7ca681f71d2b4a4e841d9c4446c0488b0b5d5e23dfd6ef285d25768890f1cde1cac0383c4c09b17d657aa113013c1bd79b80cbe
Static task
static1
Behavioral task
behavioral1
Sample
swift advice Ref[GLV501756103].exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
swift advice Ref[GLV501756103].exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: account26@lonqsailing.net
Password: IZmBVEm3
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-