General
Target: PO# -RDPLI2020-03060 - PILOT# 154550.exe
Size: 506 KB
Sample: 201109-qcd7f3ed36
MD5: 9bf56e4b75bec106e43fa542d5329135
SHA1: d22427be6b476f2362463c291cd4682e6ecc5bb0
SHA256: 3f68b22fb16c34f3e0b8f0437901b1a67ee94ad173d4d810abd91b7bf2c8d3a3
SHA512: 22021ea13ae74b4acb1c96a48d39dca8bbc464ebad087ce978c3821175302e6580f393755043f81583fa4e51ecc8cd24aee2be7cab62efe66e175e149891af66
Static task: static1
Behavioral task: behavioral1
  Sample: PO# -RDPLI2020-03060 - PILOT# 154550.exe
  Resource (VM image): win7v20201028
Behavioral task: behavioral2
  Sample: PO# -RDPLI2020-03060 - PILOT# 154550.exe
  Resource (VM image): win10v20201028
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.villanika.gr
  Port: 587
  Username: info@villanika.gr
  Password: n2^-9wE@Wl}t
These are the exfiltration settings recovered from the sample: the mailbox it authenticates to over SMTP submission (port 587) in order to send harvested data. The host and account are the network indicators to hunt for; the password is the attacker's, not the victim's.
Targets
Target: PO# -RDPLI2020-03060 - PILOT# 154550.exe (506 KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP; this sample uses SMTP with the account shown under Malware Config.
CoreEntity .NET Packer
  CoreEntity is a .NET packer that stores its payload as a Bitmap object embedded in the assembly. The bitmap is decrypted at runtime and the real payload is loaded from the result, so the file hashes above identify this packed build only, not the AgentTesla payload itself.
AgentTesla Payload
  The decrypted payload was identified as AgentTesla.
Disables Task Manager via registry modification
  The sample sets the Windows policy that prevents the user from opening Task Manager, a persistence and anti-analysis step rather than a privileged one (it is a per-user policy value).
Drops file in Drivers directory
  A file write below the system drivers directory; worth recovering from the sandbox file-system diff, since writes there are unusual for a user-launched document-themed executable.
Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread of another process is the classic final step of process hollowing: the payload is mapped into a suspended process and its main thread is redirected to it. Expect the AgentTesla code to run inside a process other than the dropped executable, so memory-based detection should not key on the original image name.
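The extracted config and the behavioural signatures above can be turned directly into host-based detection logic. The following is an added example, not part of the sandbox report: it matches constructed Sysmon-style events (process creation with hashes, registry value set, file create, network connection) against the report's hashes, the SMTP host and port from the config, and the behaviours the signatures name. The registry value DisableTaskMgr and the System32\drivers path are assumptions about what the signature names refer to; every event field except the hashes and the SMTP host is made up.

```python
import re
from typing import Dict, List, Tuple

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "9bf56e4b75bec106e43fa542d5329135",
    "sha1": "d22427be6b476f2362463c291cd4682e6ecc5bb0",
    "sha256": "3f68b22fb16c34f3e0b8f0437901b1a67ee94ad173d4d810abd91b7bf2c8d3a3",
}
EXFIL_HOST = "mail.villanika.gr"
EXFIL_PORT = 587

# Assumption: "Disables Task Manager via registry modification" refers to the
# standard per-user policy value below; the report names only the behaviour.
DISABLE_TASKMGR_RE = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I)
# Assumption: "Drops file in Drivers directory" means any write below System32\drivers.
DRIVERS_DIR_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\drivers\\", re.I)

SAMPLE_PATH = r"C:\Users\victim\Downloads\PO# -RDPLI2020-03060 - PILOT# 154550.exe"

# Constructed Sysmon-style events (field names follow Sysmon's schema; the SID,
# paths and benign entry are invented for the example).
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 1, "Image": SAMPLE_PATH,
     "Hashes": "MD5=9BF56E4B75BEC106E43FA542D5329135,"
               "SHA256=3F68B22FB16C34F3E0B8F0437901B1A67EE94AD173D4D810ABD91B7BF2C8D3A3"},
    {"EventID": 13, "Image": SAMPLE_PATH,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 11, "Image": SAMPLE_PATH,
     "TargetFilename": r"C:\Windows\System32\drivers\updater.tmp"},
    {"EventID": 3, "Image": SAMPLE_PATH,
     "DestinationHostname": EXFIL_HOST, "DestinationPort": 587},
    # Benign control: port 587 on its own is not a signal, mail clients use it constantly.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
]


def parse_hashes(field: str) -> Dict[str, str]:
    """Turn Sysmon's 'MD5=..,SHA256=..' string into {algorithm: lowercase hex}."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(ev: Dict[str, object]) -> List[str]:
    """Return the names of the report indicators that this one event satisfies."""
    hits: List[str] = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare every hash the sensor recorded
        seen = parse_hashes(str(ev.get("Hashes", "")))
        for algo, value in IOC_HASHES.items():
            if seen.get(algo) == value:
                hits.append(f"sample_hash_{algo}")
    elif eid == 13:  # registry value set
        if DISABLE_TASKMGR_RE.search(str(ev.get("TargetObject", ""))) \
                and "0x00000001" in str(ev.get("Details", "")):
            hits.append("disable_taskmgr")
    elif eid == 11:  # file create
        if DRIVERS_DIR_RE.match(str(ev.get("TargetFilename", ""))):
            hits.append("drivers_dir_write")
    elif eid == 3:  # network connection: host is the discriminator, port alone is noise
        host = str(ev.get("DestinationHostname", "")).lower()
        if host == EXFIL_HOST and int(ev.get("DestinationPort", 0)) == EXFIL_PORT:
            hits.append("agenttesla_smtp_exfil")
    return hits


def scan(events: List[Dict[str, object]]) -> List[Tuple[int, str, str]]:
    """(EventID, Image, indicator) for every hit, in event order."""
    findings: List[Tuple[int, str, str]] = []
    for ev in events:
        for name in match_event(ev):
            findings.append((int(ev["EventID"]), str(ev.get("Image", "")), name))
    return findings


if __name__ == "__main__":
    for eid, image, name in scan(SAMPLE_EVENTS):
        print(f"Event {eid:>2}  {name:<22} {image}")
```

The hash rule only ever matches this exact packed build; because the payload is unpacked in memory and run through SetThreadContext, it is the registry, file-write and SMTP-host rules that keep firing after the attacker repacks the sample, which is why they are kept separate from the hash check rather than folded into one score.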