General
Target: new purchase order.rar.exe
Size: 523KB
Sample: 201109-5bejbj3myx
MD5: e50b58922768f36a719aa5e91c086c06
SHA1: f2216e02ce43d07bc6bc8b7fb01461f1d9d1aa91
SHA256: a4d3085a47bf0da4fa557e18de19bada74667d0eaa3dca959990b96215bb25cc
SHA512: ba6be2906587a73203196853952878e017e99ad94edec3195a368edd99f9fb0c2ae3218b84bd943a57f0cdbbd340043c0858b9e050f330dbacdf26b45f32d078
Behavioral task: behavioral1
Sample: new purchase order.rar.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: new purchase order.rar.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.villanika.gr
Port: 587
Username: info@villanika.gr
Password: n2^-9wE@Wl}t
Targets
Target: new purchase order.rar.exe
Size: 523KB (MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is decrypted at run time.
AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Suspicious use of SetThreadContext