General
Target: opo (1).exe
Size: 500KB
Sample: 201109-1ed8ncwlyx
MD5: 6f366f6932afabce27a09613f221fe7d
SHA1: 4795261b97ca244bef5a007e2bcce74350a091eb
SHA256: f35fa2a6281a2a24016729d315083a638edf176a890a605dba2ac134e1733bb3
SHA512: 8d063bb927760a9b3ad435162b3b97f0ccd824e6aaa96e97baa71460b29ae12388399138a0862e79d5754f1056e2e8ee5cd09ec91d02fdc3ee8578ca089ac651
Static task: static1
Behavioral task: behavioral1
Sample: opo (1).exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: opo (1).exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.cpworldindia.com
Port: 587
Username: parag.bapodara@ahd.cpworldindia.com
Password: bopo@2014
Targets
Target: opo (1).exe
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer, CoreEntity, that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Suspicious use of SetThreadContext