General
- Target: SWIFT COPY.exe
- Size: 486KB
- Sample: 201109-73qd5w94mj
- MD5: cff428da8480fae5a9715be28a7a2d26
- SHA1: df5ebf17af3c084a6b760bedcf9631671251aff2
- SHA256: 2adc69f66c9ac282f200d7c46fe662ec89f113abd5b4bc77f5094c2b3dbddb47
- SHA512: 2ed52511dba9de589525ef23e08234b2b607985ad7708a03489ae3e21c1183fd75b866899f677b630c281932b24a77117eb700a868b70ceea5ad7c2e6d845e6e
Static task
- static1

Behavioral task
- behavioral1
- Sample: SWIFT COPY.exe
- Resource: win7v20201028

Behavioral task
- behavioral2
- Sample: SWIFT COPY.exe
- Resource: win10v20201028
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.liabherr.com
- Port: 587
- Username: obi@liabherr.com
- Password: n*pmouf4
Targets
- Target: SWIFT COPY.exe
- Size: 486KB
- MD5: cff428da8480fae5a9715be28a7a2d26
- SHA1: df5ebf17af3c084a6b760bedcf9631671251aff2
- SHA256: 2adc69f66c9ac282f200d7c46fe662ec89f113abd5b4bc77f5094c2b3dbddb47
- SHA512: 2ed52511dba9de589525ef23e08234b2b607985ad7708a03489ae3e21c1183fd75b866899f677b630c281932b24a77117eb700a868b70ceea5ad7c2e6d845e6e
Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Suspicious use of SetThreadContext