General
- Target: 4f85e9a778ee5bcbb0b11144a0d507eea90fc38f60c4b9b1972bf46287d2076f
- Size: 388KB
- Sample: 220521-b15pjsfhdq
- MD5: 25c60f5548d5dd9f3b03056dd34c6c29
- SHA1: 601b32026246f6a49eeb7a75426bf2784cbe2f39
- SHA256: 4f85e9a778ee5bcbb0b11144a0d507eea90fc38f60c4b9b1972bf46287d2076f
- SHA512: dc863af6b1ad40480796cb9cb040d719a8bfbe9ff43f9a58da5b176ddc38e6c82fa394bef1c3f8c0860ecc8a493e417985054ee75bcc05376666bbb36e41749d
Static task: static1
Behavioral task: behavioral1
- Sample: 0wqm6DEuBEtkW6x.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 0wqm6DEuBEtkW6x.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yueqnugroup.com
- Port: 587
- Username: [email protected]
- Password: zLE!VGv8
Targets
- Target: 0wqm6DEuBEtkW6x.exe
- Size: 470KB
- MD5: 8139b50c41d69f9154d6823b3451c113
- SHA1: 9268206861db25c60e2437e1ef8c7b8455c3e09c
- SHA256: bf0d59028ae38ed30ac853eef4e6ceb21777730a1272587fd4d000e6b8b97a8e
- SHA512: 126771597711ad3fdff6a86f4f1c6f49e11327d15f19a018f12ffe7b5c1a8d88da06202170b26a1ded0e752825e0ff44ff966c37eae9857740fb0b02f390d2d1
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext