General

Target: H8pkkXDMNSesvys.exe
Size: 524KB
Sample: 201109-vdap1eew9n
MD5: 876593a2d1bede193fcc3ef81b5eef4e
SHA1: 5ad79510851f743bb4be257e36a6a0729c5679d3
SHA256: e909cbf5a12f8309b93746f877cb4cdf0b8a41d07c4b2badbf917748679213d2
SHA512: 1290c80cbd1b81bd3cb845160ee0e513cf186355a5fa4bd91dc02b4ca2cf8a5b06ff31d7db1ca7f9add5062ee92bf52a77f9a56be01f872b10e9b49d3f64af98
Behavioral task: behavioral1
Sample: H8pkkXDMNSesvys.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: H8pkkXDMNSesvys.exe
Resource: win10v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: uz@cairoways.me
Password: 09012345@

These are the exfiltration credentials carried in the sample's configuration, not credentials belonging to the victim: the payload logs in to this mailbox over the SMTP submission port (587) and mails the stolen data to it. The host, port and account are therefore the network indicators to hunt for, since the message bodies themselves are not visible on the wire once STARTTLS is negotiated.
Targets

Target: H8pkkXDMNSesvys.exe
Size: 524KB
MD5: 876593a2d1bede193fcc3ef81b5eef4e
SHA1: 5ad79510851f743bb4be257e36a6a0729c5679d3
SHA256: e909cbf5a12f8309b93746f877cb4cdf0b8a41d07c4b2badbf917748679213d2
SHA512: 1290c80cbd1b81bd3cb845160ee0e513cf186355a5fa4bd91dc02b4ca2cf8a5b06ff31d7db1ca7f9add5062ee92bf52a77f9a56be01f872b10e9b49d3f64af98
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer: it harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP, which is why the extracted configuration above consists of mail-server credentials.

CoreEntity .NET Packer
A .NET packer known as CoreEntity. It carries the final payload inside a Bitmap object (the payload bytes are stored as pixel data in an image resource) and decrypts it at runtime before handing control to it.
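The general technique the CoreEntity signature describes, a payload hidden in the pixel bytes of a bitmap, can be recovered without running the packer once the container layout and the decryption step are known. The block below is an added example, not code from the report or from the packer itself; the layout it assumes (an uncompressed 24-bit BMP, a 4-byte little-endian length prefix, single-byte XOR) is hypothetical, chosen only to show the parsing and the length-check an unpacker needs. The real packer's encoding, key and image format are not given on the page. The example builds its own container from a constructed "MZ" blob so it runs offline, and handles both top-down and bottom-up BMP row order, because reading the rows in the wrong order silently corrupts the output.

```python
"""Extract a payload hidden in BMP pixel data (added example; container layout is assumed)."""
import struct

FILE_HDR = "<2sIHHI"           # BITMAPFILEHEADER: magic, file size, reserved x2, pixel offset
INFO_HDR = "<IiiHHIIiiII"      # BITMAPINFOHEADER: size, width, height, planes, bpp, compression, ...

# Constructed stand-in for a packed PE: an MZ header followed by filler bytes.
SAMPLE_PAYLOAD = b"MZ" + bytes(range(256)) * 2
XOR_KEY = 0x5A                 # hypothetical key; the real packer's scheme is not on the page


def build_bmp(pixels: bytes, width: int, top_down: bool = True) -> bytes:
    """Wrap raw pixel bytes in a minimal uncompressed 24-bit BMP (rows padded to 4 bytes)."""
    row_bytes = width * 3
    padded = (row_bytes + 3) & ~3
    nrows = -(-len(pixels) // row_bytes)  # ceil division
    rows = [pixels[r * row_bytes:(r + 1) * row_bytes].ljust(row_bytes, b"\x00") for r in range(nrows)]
    if not top_down:
        rows = rows[::-1]                 # bottom-up files store the last logical row first
    body = b"".join(row + b"\x00" * (padded - row_bytes) for row in rows)
    height = -nrows if top_down else nrows  # negative height marks a top-down BMP
    info = struct.pack(INFO_HDR, 40, width, height, 1, 24, 0, len(body), 2835, 2835, 0, 0)
    file_hdr = struct.pack(FILE_HDR, b"BM", 14 + 40 + len(body), 0, 0, 14 + 40)
    return file_hdr + info + body


def pixel_bytes(bmp: bytes) -> bytes:
    """Return the pixel bytes of a 24-bit BMP in logical (top-to-bottom) row order, padding stripped."""
    magic, _, _, _, offset = struct.unpack_from(FILE_HDR, bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP container")
    _, width, height, _, bpp, compression, *_ = struct.unpack_from(INFO_HDR, bmp, 14)
    if bpp != 24 or compression != 0:
        raise ValueError("only uncompressed 24-bit BMP is handled here")
    row_bytes = width * 3
    padded = (row_bytes + 3) & ~3
    rows = [bmp[offset + r * padded: offset + r * padded + row_bytes] for r in range(abs(height))]
    if height > 0:
        rows.reverse()                    # bottom-up storage: the first stored row is the bottom one
    return b"".join(rows)


def pack_payload(payload: bytes, key: int, width: int, top_down: bool = True) -> bytes:
    """Encode payload as [u32 length][XOR-encrypted bytes] and store it as pixel data."""
    raw = struct.pack("<I", len(payload)) + bytes(b ^ key for b in payload)
    return build_bmp(raw, width, top_down)


def unpack_payload(bmp: bytes, key: int) -> bytes:
    """Recover the payload: read the length prefix, bound-check it, then decrypt."""
    raw = pixel_bytes(bmp)
    (length,) = struct.unpack_from("<I", raw, 0)
    if length > len(raw) - 4:
        raise ValueError("length prefix exceeds available pixel data")
    return bytes(b ^ key for b in raw[4:4 + length])


if __name__ == "__main__":
    container = pack_payload(SAMPLE_PAYLOAD, XOR_KEY, width=7)   # width 7 forces row padding
    recovered = unpack_payload(container, XOR_KEY)
    print("recovered %d bytes, header %r" % (len(recovered), recovered[:2]))
```

Against a real CoreEntity sample the bitmap would come out of the .NET resource section (for example via `dnSpy` or a resource dump) and the key and cipher would have to be read out of the stub's decryption routine; the parsing and the length-prefix check are the parts that carry over.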

AgentTesla Payload

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread that belongs to another process is typical of process hollowing: the injector starts a process suspended, writes the decrypted payload into it, points the suspended thread's context at the payload's entry point and then resumes the thread, so the payload runs under the image name of the hollowed process. On its own the call has legitimate uses (debuggers), so the signature is best read together with the surrounding CreateProcess, WriteProcessMemory and ResumeThread calls.
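Two things in this report translate directly into detection logic: the process-hollowing call sequence behind the SetThreadContext signature, and the SMTP host and port from the extracted configuration. The block below is an added example, not part of the sandbox report, and runs over a constructed API/network trace; the event format, image names, PIDs and TIDs are hypothetical (real sandbox traces log handles rather than PIDs, which the example simplifies away). It flags a child process only when the full sequence CreateProcess(CREATE_SUSPENDED), WriteProcessMemory into that child, SetThreadContext on the child's thread and ResumeThread is observed, and separately flags any connection to the configured exfiltration host and port.

```python
"""Detection over a constructed sandbox trace (added example; events and PIDs are hypothetical)."""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit that leaves the new process's main thread suspended

# Host and port as extracted in the report's "Malware Config" section.
AGENTTESLA_CONFIG = {"protocol": "smtp", "host": "mail.privateemail.com", "port": 587}

# Constructed trace: (pid, api_or_event, args). PIDs/TIDs stand in for process/thread handles.
SAMPLE_TRACE = [
    (1204, "CreateProcessW", {"image": "C:\\target.exe", "flags": CREATE_SUSPENDED,
                              "child_pid": 2488, "child_tid": 2492}),
    (1204, "NtUnmapViewOfSection", {"pid": 2488}),
    (1204, "VirtualAllocEx", {"pid": 2488, "size": 0x80000}),
    (1204, "WriteProcessMemory", {"pid": 2488, "size": 0x7E000}),
    (1204, "SetThreadContext", {"tid": 2492}),
    (1204, "ResumeThread", {"tid": 2492}),
    (2488, "connect", {"host": "mail.privateemail.com", "port": 587}),
    # Benign-looking control: a normal child start and a connection to the same host on another port.
    (3010, "CreateProcessW", {"image": "C:\\child.exe", "flags": 0, "child_pid": 3333, "child_tid": 3334}),
    (3010, "ResumeThread", {"tid": 3334}),
    (3010, "connect", {"host": "mail.privateemail.com", "port": 443}),
]


def detect_hollowing(trace):
    """Return (parent_pid, child_pid) for every child that went through the hollowing sequence."""
    suspended = {}      # child_pid -> {"parent", "written", "ctx"}
    tid_to_child = {}   # child main-thread id -> child_pid
    findings = []
    for pid, api, args in trace:
        if api in ("CreateProcessW", "CreateProcessA") and args.get("flags", 0) & CREATE_SUSPENDED:
            child = args["child_pid"]
            suspended[child] = {"parent": pid, "written": False, "ctx": False}
            tid_to_child[args["child_tid"]] = child
        elif api == "WriteProcessMemory" and args.get("pid") in suspended:
            suspended[args["pid"]]["written"] = True
        elif api == "SetThreadContext":
            child = tid_to_child.get(args.get("tid"))
            # Only meaningful after memory was written: a context change alone is not hollowing.
            if child in suspended and suspended[child]["written"]:
                suspended[child]["ctx"] = True
        elif api == "ResumeThread":
            child = tid_to_child.get(args.get("tid"))
            state = suspended.pop(child, None)
            if state and state["ctx"]:
                findings.append((state["parent"], child))
    return findings


def detect_exfil(trace, config):
    """Return (pid, host, port) for connections matching the extracted exfiltration endpoint."""
    return [(pid, args["host"], args["port"]) for pid, api, args in trace
            if api == "connect"
            and args.get("host") == config["host"]
            and args.get("port") == config["port"]]


if __name__ == "__main__":
    for parent, child in detect_hollowing(SAMPLE_TRACE):
        print("process hollowing: pid %d injected into suspended child pid %d" % (parent, child))
    for pid, host, port in detect_exfil(SAMPLE_TRACE, AGENTTESLA_CONFIG):
        print("AgentTesla SMTP exfil: pid %d -> %s:%d" % (pid, host, port))
```

The hollowing check is deliberately sequence-based rather than keyed on SetThreadContext alone; the control events at the end of the trace (a normally started child, and traffic to the mail host on a different port) produce no findings, which is the behaviour to preserve when the rule is moved onto real telemetry.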