General
- Target: 256265507c2b9d72518d45efd51a2614c9819543febc513c6bf0f221bf4aae49
- Size: 402KB
- Sample: 220521-b2hamscha8
- MD5: ed57c52ee7c6dc7609e7ed4ed43478a4
- SHA1: e9363af62a97da5835dbd97a9544578d4423e6aa
- SHA256: 256265507c2b9d72518d45efd51a2614c9819543febc513c6bf0f221bf4aae49
- SHA512: 7a372a5daccf8a2bdc9e57a3ccf3d85ea8cb87133133518271a180e0ef70f9322febf03157041a977d4cb3d4242f4bfcffa62efe85f5dc1109a70b9b26d362fa
Static task
- static1

Behavioral task
- behavioral1
  - Sample: New Order_20201005.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: New Order_20201005.exe
  - Resource: win10v2004-20220414-en
Malware Config
- Extracted: agenttesla
  - Protocol: smtp
  - Host: smtp.bodycarecreations.com
  - Port: 587
  - Username: satinder@bodycarecreations.com
  - Password: Lion@4321
Targets
- Target: New Order_20201005.exe
- Size: 485KB
- MD5: 0833379dfc176dd9b45583ffa17f606f
- SHA1: db7ac59de44a73ddf72deeae7bc8d5d920a30d2f
- SHA256: b35aa80fb3b648476497cbbd49c772db6b9ce1d9f3419aa81b99936720584f41
- SHA512: 2dd0f58875ef19af734dea63e1036563e8f711d62a903553116febdfae716e590186ef0f748edae9b7e002491299f49a91c0295384c67e29c54d65418f3ea6da
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext