General
-
Target
54f102a5325edc227167444a30568b3eaeb3f8b34d68395b6ee6414d2ade377c
-
Size
371KB
-
Sample
220521-b13vyscgh8
-
MD5
1cd051e2c1a268ed92a8afaf27e6c2c8
-
SHA1
d312e6a200a49bd8d37ff9ed5e788210c3fdb366
-
SHA256
54f102a5325edc227167444a30568b3eaeb3f8b34d68395b6ee6414d2ade377c
-
SHA512
4031c6c8e65a55e51d4554f27988093f0e1141cfa31e0ebd439bba506e29c9e29711b99e5762a77d6fb7be5c797cf6a90b0e58db4282c5602c67fd33da4e23f0
Static task
static1
Behavioral task
behavioral1
Sample
S00100239029933-05-11-2020.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
S00100239029933-05-11-2020.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.elhelado.com.mx
Port: 587
Username: servicio@elhelado.com.mx
Password: 4042Ad@+
Extracted
Protocol: smtp
Host: mail.elhelado.com.mx
Port: 587
Username: servicio@elhelado.com.mx
Password: 4042Ad@+
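The extracted config above is the sample's exfiltration channel: authenticated SMTP submission on port 587 to the operator's mailbox. The following is an added detection example, not part of the sandbox report. It correlates constructed Sysmon records (Event ID 22 DNS queries and Event ID 3 network connections, in JSON-lines form) to flag processes that resolve the extracted host and then connect to it on the extracted port. Only the host and port come from the report; the log lines, computer names, process IDs and IP addresses are constructed for the example.

```python
"""Flag SMTP exfiltration to the mailbox named in an AgentTesla config.

Added example (not the report's or any project's code). Sysmon Event ID 3
often leaves DestinationHostname empty, so the check also learns the C2
host's IP addresses from Event ID 22 DNS answers and matches on those.
"""
import ipaddress
import json

C2_HOST = "mail.elhelado.com.mx"   # from the report's extracted config
C2_PORT = 587                      # from the report's extracted config

# Constructed Sysmon records as JSON lines; not real telemetry.
SAMPLE_EVENTS = [
    # The sample resolves the C2 mailbox host (Event ID 22).
    '{"EventID":22,"Computer":"WS01","ProcessId":4120,'
    '"Image":"C:\\\\Users\\\\bob\\\\Downloads\\\\S00100239029933-05-11-2020.exe",'
    '"QueryName":"mail.elhelado.com.mx","QueryResults":"::ffff:203.0.113.10;"}',
    # Then connects on 587; reverse lookup left empty, as is common (Event ID 3).
    '{"EventID":3,"Computer":"WS01","ProcessId":4120,'
    '"Image":"C:\\\\Users\\\\bob\\\\Downloads\\\\S00100239029933-05-11-2020.exe",'
    '"DestinationIp":"203.0.113.10","DestinationPort":587,"DestinationHostname":""}',
    # Benign: Outlook submitting mail to the corporate relay.
    '{"EventID":3,"Computer":"WS02","ProcessId":880,'
    '"Image":"C:\\\\Program Files\\\\Microsoft Office\\\\root\\\\Office16\\\\OUTLOOK.EXE",'
    '"DestinationIp":"10.0.0.25","DestinationPort":587,"DestinationHostname":"smtp.corp.example"}',
    # Benign: unrelated DNS query.
    '{"EventID":22,"Computer":"WS02","ProcessId":880,"Image":"C:\\\\Windows\\\\explorer.exe",'
    '"QueryName":"www.example.com","QueryResults":"::ffff:93.184.216.34;"}',
]


def resolved_ips(query_results):
    """Turn Sysmon's QueryResults field into a set of IP address strings.

    Sysmon writes IPv4 answers as '::ffff:1.2.3.4;' and may interleave
    non-address entries such as 'type: 5 cname;', which are skipped.
    """
    ips = set()
    for token in query_results.split(";"):
        token = token.strip()
        if token.startswith("::ffff:"):
            token = token[len("::ffff:"):]
        try:
            ips.add(str(ipaddress.ip_address(token)))
        except ValueError:
            continue
    return ips


def find_exfil(lines, c2_host=C2_HOST, c2_port=C2_PORT):
    """Return (Computer, Image, DestinationIp) for connections to the C2 mailbox.

    Pass 1 collects every IP the C2 hostname resolved to (EID 22).
    Pass 2 flags EID 3 connections on the configured port whose target is
    one of those IPs, or whose reverse-DNS name is the C2 host itself.
    """
    events = [json.loads(line) for line in lines]
    c2_ips = set()
    for ev in events:
        if ev.get("EventID") == 22 and ev.get("QueryName", "").lower() == c2_host:
            c2_ips |= resolved_ips(ev.get("QueryResults", ""))
    hits = []
    for ev in events:
        if ev.get("EventID") != 3 or ev.get("DestinationPort") != c2_port:
            continue
        if (ev.get("DestinationIp") in c2_ips
                or ev.get("DestinationHostname", "").lower() == c2_host):
            hits.append((ev["Computer"], ev["Image"], ev["DestinationIp"]))
    return hits


if __name__ == "__main__":
    for computer, image, ip in find_exfil(SAMPLE_EVENTS):
        print(f"{computer}: {image} -> {ip}:{C2_PORT} (AgentTesla SMTP exfil)")
```

Matching on port 587 alone is not enough, since legitimate mail clients use it too; the DNS-to-connection correlation is what ties the connection to the extracted mailbox host when the event's own hostname field is empty.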
Targets
-
-
Target
S00100239029933-05-11-2020.exe
-
Size
455KB
-
MD5
e641c2db9fb60a6fd0e1938bc264938d
-
SHA1
9719f6b085c88f384190caa4e864f49277204519
-
SHA256
5a352b2ee786cc795f1384a14290a9bb06db592c529f0f4f50ab7cacd95bd091
-
SHA512
8bfc54d03cc1eba98576da8f17fdfbcb83ae6908ece722e61b8a48ea38de43d446da669c42b89e462673b976e0e97a1f6908c5d0f287bf3239a2ffa2fd313350
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic).
-
CoreEntity .NET Packer
A .NET packer known as CoreEntity that embeds its payload as a Bitmap object, from which the payload is decrypted at runtime.
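Storing a payload inside a Bitmap means the bytes sit in the image's pixel array, which an analyst recovers by locating the pixel data from the BMP header, dropping the per-row padding, and undoing whatever cipher the packer applied. The following is an added illustration of that workflow, not CoreEntity's code; the report gives neither the packer's layout nor its cipher, so the 4-byte length prefix, the repeating-XOR key and the 24-bpp layout below are assumptions chosen for the example. The wrapping function exists only to build a constructed sample to unwrap.

```python
"""Recover a payload hidden in a BMP's pixel array.

Added example, not CoreEntity's code. Assumed layout (illustration only):
pixel rows of a 24-bpp BMP carry len(payload) as a 4-byte little-endian
value followed by the payload, all XOR-ed with a repeating key. The generic
part, locating the pixel array via the header offset at byte 10 and
stripping the 4-byte row padding, is what carries over to a real sample.
"""
import struct

KEY = b"k3y!"  # assumed XOR key, illustration only


def xor(data, key):
    """Repeating-key XOR; symmetric, so it both 'encrypts' and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def row_stride(width, bpp=24):
    """Bytes per BMP row, padded up to a multiple of 4."""
    return ((width * bpp + 31) // 32) * 4


def wrap_in_bmp(payload, width=15, key=KEY):
    """Build a constructed 24-bpp BMP whose pixels carry len||payload XOR key."""
    blob = xor(struct.pack("<I", len(payload)) + payload, key)
    usable = width * 3                      # real pixel bytes per row
    stride = row_stride(width)              # with padding (width 15 -> 3 pad bytes)
    height = -(-len(blob) // usable)        # ceiling division
    rows = []
    for r in range(height):
        chunk = blob[r * usable:(r + 1) * usable].ljust(usable, b"\0")
        rows.append(chunk + b"\0" * (stride - usable))
    pixels = b"".join(rows)
    pixel_offset = 14 + 40                  # BITMAPFILEHEADER + BITMAPINFOHEADER
    file_header = b"BM" + struct.pack("<IHHI", pixel_offset + len(pixels), 0, 0, pixel_offset)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                              len(pixels), 2835, 2835, 0, 0)
    return file_header + info_header + pixels


def unwrap_from_bmp(bmp, key=KEY):
    """Parse the headers, collect the unpadded pixel bytes, decrypt, cut to length.

    Rows are read in the order they were written; a packer that stores the
    image bottom-up would require reversing the row list first.
    """
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP")
    pixel_offset = struct.unpack_from("<I", bmp, 10)[0]
    width, height = struct.unpack_from("<ii", bmp, 18)
    bpp = struct.unpack_from("<H", bmp, 28)[0]
    if bpp != 24:
        raise ValueError("example handles 24-bpp images only")
    usable = width * 3
    stride = row_stride(width, bpp)
    rows = [bmp[pixel_offset + r * stride:pixel_offset + r * stride + usable]
            for r in range(abs(height))]
    blob = xor(b"".join(rows), key)
    (length,) = struct.unpack_from("<I", blob, 0)
    if length > len(blob) - 4:
        raise ValueError("length prefix exceeds pixel data; wrong key or layout")
    return blob[4:4 + length]


if __name__ == "__main__":
    fake_pe = b"MZ" + bytes(range(256)) * 3       # constructed stand-in for a payload
    bmp = wrap_in_bmp(fake_pe)
    recovered = unwrap_from_bmp(bmp)
    print(f"BMP size {len(bmp)} bytes, recovered {len(recovered)} bytes, "
          f"magic {recovered[:2]!r}")
```

The length check at the end is the practical tell when walking an unknown sample: with the wrong key or row order the decrypted prefix decodes to an implausible size, and the recovered bytes will not start with an MZ header.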
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-