General
Target: c36a8ebca4a3b885c2946057ed5ce645242ed43b969b9a56f2ab2d224914b8d9
Size: 388KB
Sample: 220521-b1a5yafhaq
MD5: 5207371491f92c5e3251742aeddf293c
SHA1: 8c68516a39ac5df11a05e14e65bb89455d8fad60
SHA256: c36a8ebca4a3b885c2946057ed5ce645242ed43b969b9a56f2ab2d224914b8d9
SHA512: d3feb2593dfaea5b0927b75e17dccc01cda1defcb7e54753e6e549ca2ad3142ad39b98e674d9244c35da49e11f136329c0cc2e3a3c80cde8c6b8369cfa40c148
Static task: static1
Behavioral task: behavioral1
Sample: Bank Details.pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hotel71.com.bd
Port: 587
Username: [email protected]
Password: 9+^va&phP1v9
Targets
Target: Bank Details.pdf.exe
Size: 470KB
MD5: f13e09c25b9c7c10247bb018181a8814
SHA1: 5bfffdee2bedf34c51efd4d1caf546f5d2f0302d
SHA256: 2ae952b2cc6f04f55a42c82386e16ddece41b1f8f6cff192cc18eb2b037d89b4
SHA512: 0c44eb7d8a5d0d07d0a180d548fbe3c8e13b4077d1b99ae2ab9cf058a4040eb369cf41d578d3366f7502ce5b5cfb28f2c47287f8aa8a61f470fc6b7022aa6466
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. The SMTP host, port and credentials extracted above are its exfiltration channel for harvested data; they belong to the operator and should be treated as indicators, not reused.

CoreEntity .NET Packer
A .NET packer known as CoreEntity. It embeds the payload as a Bitmap object inside the assembly and decrypts it at runtime before handing control to it.
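The report does not describe how CoreEntity recovers the payload from the bitmap, only that it is stored as a Bitmap object and later decrypted. The following added example (not code from the report, from CoreEntity, or from Agent Tesla) shows the first step an analyst needs when pulling such a payload out of a .NET resource: read the pixel array back out of a Windows BMP in the order a .NET Bitmap exposes it (top-down, row padding stripped), then scan for a PE header. The sample bitmap is constructed inline, and the single-byte XOR brute force stands in for whatever decryption the real packer applies, which is an assumption for illustration only; the real scheme would replace `find_xored_pe`.

```python
import struct

def build_bmp(pixels: bytes, width: int, height: int) -> bytes:
    """Construct a 24-bpp, bottom-up, uncompressed BMP wrapping width*height*3 pixel bytes."""
    row_len = width * 3
    stride = (row_len + 3) & ~3            # BMP rows are padded to a 4-byte boundary
    rows = [pixels[i * row_len:(i + 1) * row_len] for i in range(height)]
    body = b"".join(r + b"\x00" * (stride - row_len) for r in reversed(rows))  # bottom row first
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(body), 2835, 2835, 0, 0)
    hdr = struct.pack("<2sIHHI", b"BM", 14 + 40 + len(body), 0, 0, 14 + 40)
    return hdr + info + body

def carve_pixels(bmp: bytes) -> bytes:
    """Return the pixel bytes top-down with row padding removed.

    This is the byte sequence a .NET packer gets when it copies the Bitmap's
    locked pixel data; assumed here to be read in plain file order (BGR per pixel).
    """
    magic, _, _, _, off = struct.unpack_from("<2sIHHI", bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP")
    _, width, height, _, bpp, comp = struct.unpack_from("<IiiHHI", bmp, 14)
    if bpp != 24 or comp != 0:
        raise ValueError("only uncompressed 24-bpp bitmaps handled here")
    row_len = width * 3
    stride = (row_len + 3) & ~3
    bottom_up = height > 0                 # positive height means rows are stored bottom-up
    height = abs(height)
    rows = [bmp[off + i * stride: off + i * stride + row_len] for i in range(height)]
    if bottom_up:
        rows.reverse()
    return b"".join(rows)

def find_xored_pe(blob: bytes):
    """Assumed placeholder for the packer's decryption: brute-force a single-byte XOR key.

    Returns (key, offset) of the first MZ header whose e_lfanew points at 'PE\\0\\0', else None.
    """
    for key in range(256):
        dec = bytes(b ^ key for b in blob)
        pos = dec.find(b"MZ")
        while pos != -1:
            if pos + 0x40 <= len(dec):
                e_lfanew = struct.unpack_from("<I", dec, pos + 0x3C)[0]
                if dec[pos + e_lfanew: pos + e_lfanew + 4] == b"PE\x00\x00":
                    return key, pos
            pos = dec.find(b"MZ", pos + 1)
    return None

def make_sample(key: int = 0x5A) -> bytes:
    """Constructed test input: a minimal fake PE header, XORed, hidden in a 5x8 bitmap."""
    fake_pe = bytearray(b"MZ" + b"\x90" * 0x3A)     # 0x3C bytes of DOS header filler
    fake_pe += struct.pack("<I", 0x40)               # e_lfanew -> 0x40
    fake_pe += b"PE\x00\x00" + b"\xcc" * 12          # NT signature plus filler
    payload = b"\x00" * 7 + bytes(fake_pe)           # 7 bytes of leading noise
    enc = bytes(b ^ key for b in payload)
    width, height = 5, 8                             # 15-byte rows, padded to 16 in the file
    return build_bmp(enc.ljust(width * height * 3, b"\x00"), width, height)

if __name__ == "__main__":
    blob = carve_pixels(make_sample())
    print(find_xored_pe(blob))                       # (90, 7) for the constructed sample
```

Row padding and bottom-up row order are the two details that most often corrupt a carved payload; a real sample's bitmap dimensions and the order in which the packer walks pixels should be read from the decompiled unpacker stub rather than assumed.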
AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext (commonly seen when a decrypted payload is written into a suspended process and its main thread redirected, i.e. process hollowing)
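The extracted SMTP configuration and the behavioural signatures above can be turned directly into host-side detections. The following added example (not part of the sandbox report and not Agent Tesla's or the sandbox's own code) parses the config into indicators and runs three checks over Sysmon-style events: a registry value set on DisableTaskMgr, a file written under the drivers directory, and an outbound connection to the configured SMTP host and port. The events are constructed inline for the example; field names follow the Sysmon schema, the paths and SIDs are made up.

```python
import re

# The configuration as extracted in the report (the username is as the page renders it).
CONFIG_TEXT = """\
Protocol: smtp
Host: mail.hotel71.com.bd
Port: 587
Username: [email protected]
Password: 9+^va&phP1v9
"""

def parse_config(text: str) -> dict:
    """Parse 'Key: value' lines of the extracted config into a lower-cased dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg

def indicators(cfg: dict) -> dict:
    """Searchable/blockable indicators; the password is deliberately not propagated."""
    return {"host": cfg["host"].lower(), "port": int(cfg["port"]), "username": cfg["username"]}

# Constructed Sysmon-style events: 3 = network connect, 11 = file create, 13 = registry value set
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\Bank Details.pdf.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 11, "Image": r"C:\Users\victim\Bank Details.pdf.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
    {"EventID": 3, "Image": r"C:\Users\victim\Bank Details.pdf.exe",
     "DestinationHostname": "mail.hotel71.com.bd", "DestinationPort": 587, "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "outlook.office365.com", "DestinationPort": 443, "Protocol": "tcp"},
]

DRIVERS_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.IGNORECASE)
TASKMGR_KEY = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.IGNORECASE)

def triage(events, ioc: dict):
    """Return (rule_name, image) for every event matching one of the signatures."""
    hits = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 13 and TASKMGR_KEY.search(ev["TargetObject"]) and "0x00000001" in ev["Details"]:
            hits.append(("disable_taskmgr", ev["Image"]))
        elif eid == 11 and DRIVERS_DIR.match(ev["TargetFilename"]):
            hits.append(("drivers_dir_write", ev["Image"]))
        elif (eid == 3 and ev["DestinationHostname"].lower() == ioc["host"]
              and ev["DestinationPort"] == ioc["port"]):
            hits.append(("agenttesla_smtp_c2", ev["Image"]))
    return hits

if __name__ == "__main__":
    for rule, image in triage(SAMPLE_EVENTS, indicators(parse_config(CONFIG_TEXT))):
        print(f"{rule}: {image}")
```

The SMTP check matches on hostname and port rather than the credentials, because an Agent Tesla build only ever reveals its own mailbox; blocking the host and alerting on any client other than a mail server talking to it on 587 catches the exfiltration regardless of which sample is running. The DisableTaskMgr rule keys on the value being set to 1; a legitimate GPO sets the same value, so the Image field is what separates policy from malware in a real environment.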