General
Target: SOA_JAN_MAY_20_doc.exe
Size: 493KB
Sample: 201109-lp2qd1m29j
MD5: fecd60c16e011bb46d2def8b40a97c0d
SHA1: d58d6eddb59e69570fd6415db66a59963ec0c32c
SHA256: 798fb244e7a14d63cadd3eacb43f1ea453999e3a8aecc19c369a95b4c50698c9
SHA512: 8f32335b96b3f7dbe5afe185cd28c4de89460b4deb1fb43b4a5153ffc0e05398005d2d82ff985d4f563d0f887c5ec031e91263d89ca0e3461173a871d42124b1

Static task: static1

Behavioral task: behavioral1
Sample: SOA_JAN_MAY_20_doc.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: SOA_JAN_MAY_20_doc.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: info@pptoursperu.com
Password: mailppt2019
Targets
Target: SOA_JAN_MAY_20_doc.exe
Size: 493KB
MD5: fecd60c16e011bb46d2def8b40a97c0d
SHA1: d58d6eddb59e69570fd6415db66a59963ec0c32c
SHA256: 798fb244e7a14d63cadd3eacb43f1ea453999e3a8aecc19c369a95b4c50698c9
SHA512: 8f32335b96b3f7dbe5afe185cd28c4de89460b4deb1fb43b4a5153ffc0e05398005d2d82ff985d4f563d0f887c5ec031e91263d89ca0e3461173a871d42124b1

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Suspicious use of SetThreadContext