General
Target: Swift copy.doc...exe
Size: 619KB
Sample: 200731-epwngwb15j
MD5: e5804ae69d56f7a6a61cebed35496ab3
SHA1: 36a0ae19084417b1c8a148946f80512ea4666d47
SHA256: 16f661258c7572ebd08fa986cfe3e2f1b24196d366d048102900e60979f42ca4
SHA512: f54b387cde1a75c816c2cb9dc415cf9a076c256b061055bbfda055bd9214f9d0b1e1c61d207391b26684a781cb8f167f083187774a4e6381b0ceca8af0023d0e
Static task: static1
Behavioral task: behavioral1
  Sample: Swift copy.doc...exe
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: Swift copy.doc...exe
  Resource: win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: smith45333@vivaldi.net
Password: 1234567812345678az
Targets
Target: Swift copy.doc...exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext