General
Target: fcf049991dfb8e6335d8c823972f90b9bbe86a8dcbd8acbffb32a0ad54d7e306
Size: 468KB
Sample: 220521-b7739agdgm
MD5: 65b89a1bcd23e2c04c6ad151f68b1a4a
SHA1: 01dc722b88a450cb5256bca363e519aea60208e1
SHA256: fcf049991dfb8e6335d8c823972f90b9bbe86a8dcbd8acbffb32a0ad54d7e306
SHA512: faa0c8053c08b8f04aa4559937fce1954d0a55d88df3e878ea322499705db110f5275439dc348b666e929b76c5aaafda07d8cbab296f1589fa9fcbb1bd6e3905
Static task: static1
Behavioral task: behavioral1
  Sample: 3036875844.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3036875844.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.marketinfosales.com
Port: 587
Username: chirs@marketinfosales.com
Password: 8})FotiAEI+U
Targets
Target: 3036875844.exe
Size: 521KB
MD5: 06717c4add3be373caff9ab78d43e703
SHA1: e8bf1612856c3fa6d131c8c6a7d40bbdf8b71af1
SHA256: 5c5d3a50ee36f571b8774016b22e24205b4a6b43a48a0da7078e9ce6025ded76
SHA512: 344c560f02615d731660d133f37312740fd92323ae15adb26536d6af6ce18765f467302e318591639889b18c7c901965a55cf55e9e4b2284da13829aca30c215
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext