General
- Target: PO #-NHU.exe
- Size: 491KB
- Sample: 201109-x8w7vgch1s
- MD5: 53aecf8da936ceeee03466ea0b23a355
- SHA1: edb66f141e0ca7fc40c69970f84b9288ad5daf2b
- SHA256: d7cbce19566617353e8ab7c32adcee2543a7e9422ac77b6ef8b3b64b58389651
- SHA512: 3cd5fb16e2aa8a00ded82f91059328cea925f52d4c2983a0298d102e92d72904283fae07e77acc7eea8af87f24b168ffc05596dd432a65aad579c5b62c48fde7
Static task
- static1

Behavioral task
- behavioral1
- Sample: PO #-NHU.exe
- Resource: win7v20201028

Behavioral task
- behavioral2
- Sample: PO #-NHU.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dianaglobalmandiri.com
- Port: 587
- Username: info@dianaglobalmandiri.com
- Password: Batam2019
Targets
- Target: PO #-NHU.exe
- Size: 491KB
- MD5: 53aecf8da936ceeee03466ea0b23a355
- SHA1: edb66f141e0ca7fc40c69970f84b9288ad5daf2b
- SHA256: d7cbce19566617353e8ab7c32adcee2543a7e9422ac77b6ef8b3b64b58389651
- SHA512: 3cd5fb16e2aa8a00ded82f91059328cea925f52d4c2983a0298d102e92d72904283fae07e77acc7eea8af87f24b168ffc05596dd432a65aad579c5b62c48fde7
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Suspicious use of SetThreadContext