General
- Target: duk (3).exe
- Size: 511KB
- Sample: 201109-bdp228aft2
- MD5: 04b191c4242a98c5b14ed1de9c61ef8c
- SHA1: 4c4fafb67933eb18100acdc76128f42dc9a9525f
- SHA256: bbfd3959ef22e9fa18ed11cbc9b8f31ac36e86f0d055d2c57b81ee19f9c54175
- SHA512: c613ece1002132dfacf60eb41a0d1910e3e3c314db9b53f13b9e9eb34c4db9553538f3fc12f22c3ddf5ca705a53f64517783b292c240c20ec0d002a8e202144b
Behavioral task: behavioral1
- Sample: duk (3).exe
- Resource: win7v20201028

Behavioral task: behavioral2
- Sample: duk (3).exe
- Resource: win10v20201028
Malware Config
- Extracted: agenttesla
- Protocol: smtp
- Host: mail.hotel71.com.bd
- Port: 587
- Username: chat@hotel71.com.bd
- Password: 9+^va&phP1v9
Targets
- Target: duk (3).exe (511KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Suspicious use of SetThreadContext