General
Target: opo.exe
Size: 528KB
Sample: 201109-g9ag1ejbxe
MD5: 2d518011d53c1cbb00a23a53e259aa08
SHA1: 0e846cf62a46c5e90c0d4bd62214b76c068196e1
SHA256: 4a2c1f3c1df5c34f1c99c8f7cc8b18fae2c71189e6e383face3ff7fa31224f52
SHA512: 853cf293a0f8972de34c88df10ee41d2e678f8ff141d73678f0758c448885be57d5facab9169ea1c4f169b978fb3b671c7416519001b7b4f263ff60ca2997a58
Behavioral task behavioral1: Sample opo.exe, Resource win7v20201028
Behavioral task behavioral2: Sample opo.exe, Resource win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.cpworldindia.com
Port: 587
Username: parag.bapodara@ahd.cpworldindia.com
Password: bopo@2014
Targets
Target: opo.exe, 528KB (same MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Suspicious use of SetThreadContext