Overview
Score: 10/10 (static analysis and all eight behavioral tasks: four samples, each run on windows7_x64 and windows10-2004_x64)

General
- Target: 0879e3df000ba3c68fe594767610aa373c7c19053eae0bac04076a76ce8aac38
- Size: 1.3MB
- Sample: 220521-b7efyadch2
- MD5: 8aac9e0a1f733794f64dfd4bb7252732
- SHA1: 818af7bc947696ffd4ac261e0bbf8577d22bb344
- SHA256: 0879e3df000ba3c68fe594767610aa373c7c19053eae0bac04076a76ce8aac38
- SHA512: a8c09e4e3155f984d6f7b86d07ab835cf343190cb8055bf42e1ec1711f8c59dfd86d1761376e33683674e9826507db5fcf4999ec2727c8e39660ccd1ad66e2df
Static task: static1
Behavioral tasks:
- behavioral1: Account Application Form.exe (win7-20220414-en)
- behavioral2: Account Application Form.exe (win10v2004-20220414-en)
- behavioral3: Agreement.exe (win7-20220414-en)
- behavioral4: Agreement.exe (win10v2004-20220414-en)
- behavioral5: Contract Rates.exe (win7-20220414-en)
- behavioral6: Contract Rates.exe (win10v2004-20220414-en)
- behavioral7: Contract.exe (win7-20220414-en)
- behavioral8: Contract.exe (win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.kteadubai.com
- Port: 587
- Username: mujeeb@kteadubai.com
- Password: bt3tw9wqh#B
Port 587 is the SMTP submission port: the sample authenticates to this mailbox with the credentials above and mails the harvested data to it. Treat the host and mailbox as indicators for network detection; do not log in to the account.
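Turning the extracted configuration into a detection, as an added example that is not part of the sandbox report: the script below correlates constructed Zeek-style dns.log and smtp.log records with the host, port and mailbox above. The reduced field sets, the log values and the addresses (documentation ranges) are assumptions for the demo. The host name only appears on the wire as a DNS query, so matching on it requires joining DNS answers to the later SMTP session; matching on the mailbox in MAIL FROM / RCPT TO catches a session whether or not the resolution was logged.

```python
import csv
import io
from dataclasses import dataclass

# Indicators taken from the extracted AgentTesla config above.
EXFIL_HOST = "mail.kteadubai.com"
EXFIL_PORT = 587
EXFIL_USER = "mujeeb@kteadubai.com"

# Reduced Zeek-style field sets (an assumption for this demo; real logs carry more columns).
DNS_FIELDS = ["ts", "id.orig_h", "query", "answers"]
SMTP_FIELDS = ["ts", "id.orig_h", "id.resp_h", "id.resp_p", "mailfrom", "rcptto"]

# Constructed dns.log records: three workstations resolving their mail servers.
# All addresses are documentation ranges, not real infrastructure.
SAMPLE_DNS_LOG = """\
1653097199.40\t10.0.0.15\tmail.kteadubai.com\t203.0.113.10
1653097205.02\t10.0.0.22\tsmtp.example.org\t198.51.100.5
1653097240.77\t10.0.0.31\tmail.kteadubai.com\t203.0.113.10
"""

# Constructed smtp.log records: one session using the extracted mailbox, one benign
# corporate mail, and one to the same server on 587 but with a different sender.
SAMPLE_SMTP_LOG = """\
1653097201.12\t10.0.0.15\t203.0.113.10\t587\tmujeeb@kteadubai.com\tmujeeb@kteadubai.com
1653097230.55\t10.0.0.22\t198.51.100.5\t25\talice@example.org\tbob@example.org
1653097244.03\t10.0.0.31\t203.0.113.10\t587\tother@kteadubai.com\tother@kteadubai.com
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    reasons: tuple


def _rows(log: str, fields):
    # Zeek logs are tab-separated; csv handles that without any quoting surprises.
    return csv.DictReader(io.StringIO(log), fieldnames=fields, delimiter="\t")


def resolved_ips(dns_log: str, host: str) -> set:
    """Every address any client received as an answer for `host`."""
    ips = set()
    for row in _rows(dns_log, DNS_FIELDS):
        if row["query"].lower() == host.lower():
            ips.update(a for a in row["answers"].split(",") if a and a != "-")
    return ips


def find_exfil_sessions(smtp_log: str, dns_log: str) -> list:
    """Flag SMTP sessions that use the exfil mailbox or reach the resolved C2 host on 587."""
    c2_ips = resolved_ips(dns_log, EXFIL_HOST)
    hits = []
    for row in _rows(smtp_log, SMTP_FIELDS):
        dport = int(row["id.resp_p"])
        reasons = []
        if EXFIL_USER in (row["mailfrom"].lower(), row["rcptto"].lower()):
            reasons.append(f"uses exfil mailbox {EXFIL_USER}")
        if row["id.resp_h"] in c2_ips and dport == EXFIL_PORT:
            reasons.append(f"submission to {EXFIL_HOST}:{EXFIL_PORT}")
        if reasons:
            hits.append(Hit(row["ts"], row["id.orig_h"], row["id.resp_h"], dport, tuple(reasons)))
    return hits


if __name__ == "__main__":
    for hit in find_exfil_sessions(SAMPLE_SMTP_LOG, SAMPLE_DNS_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.dport}: " + "; ".join(hit.reasons))
```

The third session is caught only through the DNS join, which is the case to care about when a later build of the same campaign rotates the mailbox but keeps the server. Running the same logic with an empty DNS log drops that hit, so keep dns.log retention at least as long as smtp.log.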
Targets

Target: Account Application Form.exe
- Size: 478KB
- MD5: 7acfdd63ab76c9cf0b2d3be22ecb6fcd
- SHA1: 8b91ee50f4fc626e750fbf03604ff4683f26d68b
- SHA256: 0cbeec037901550f7d50076bd0aef2937cafe6699a81c3859c47debd90fee98e
- SHA512: 072d998c4f9fd03d746b11d86fd8f29709d10445aab600e0af1770d2077fa920259ab6133ede772b27a4949f60782e9daa17e1b1248eec4864e26478981ab4cb
Signatures:
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients plus keystrokes, and sends them to an attacker-controlled mailbox or server over SMTP, FTP or HTTP.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (reads the registry profile keys where Outlook keeps account settings and stored credentials)
- Suspicious use of SetThreadContext (the API sequence used for process hollowing: a child process is started suspended, its image replaced, and its thread context pointed at the injected code)

Target: Agreement.exe
- Size: 308KB
- MD5: c38d49bb12881d106244f20994b37f08
- SHA1: 1848f48522f250fe35d2ce0ee77087920a22ad6c
- SHA256: b8b648e44f2ab26fa568183e5139a8cdfe5fd7b6b1e174184324fb3056c9ce8e
- SHA512: e780fbc6250e07018f03448c8468f8b0836545a4354339d39ac5814f3aaef842cb612e0afe94f0f5a6b90396623ed0f2095d7894cd4aeded88fec9e3c3f5d08c
Signatures:
- AgentTesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext

Target: Contract Rates.exe
- Size: 312KB
- MD5: 18376bd1c0ad2d6cc811aab96027da5f
- SHA1: 64be33035c41fcb68a2c1b576286f902e519a659
- SHA256: e78e7d17890f956f99183f8524d03f871bce6e82cc1794937d680c4510bb4be9
- SHA512: 1ed3ba86abdc2c9312a86cd4598d1afcf3adb5ffe816c2fc81b7711b707302f979875b97f5ea4545cee60aa0b24a971331ffabc1a21bef393ab998be4743fa9b
Signatures:
- AgentTesla
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext

Target: Contract.exe
- Size: 476KB
- MD5: e60a1130fe83ba713143af716df21629
- SHA1: 4a1d99b1bbc69aa67e73f953caf8ba86120f7443
- SHA256: b0fc5ca9a05de7084f80988655e413f489556a99e07d5009aee4fb476ce243de
- SHA512: eef283520885652bd24785c9934fb645b5cdcfc1f6ff1884744ab528641a1947e5b2cc7009d292a3695499160f5d441e2cade632f65f6d30d749d03a1dc28d88
Signatures:
- AgentTesla
- CoreEntity .NET Packer: CoreEntity is a .NET packer that stores its encrypted payload as a Bitmap object embedded in the executable and decrypts it at runtime before handing control to it. Of the four samples, this is the only one where the packer itself was identified; all four still produce the AgentTesla Payload detection.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
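To show what "payload embedded as a Bitmap" means when you have to pull it out yourself, here is an added example that is neither CoreEntity's code nor part of the report: it builds a 24-bit BMP whose pixel area holds a length-prefixed, XOR-encoded blob, then carves the pixel rows back out, honouring the 4-byte row alignment and bottom-up row order that trip up naive unpackers, decodes them and checks the result for a PE header. The length prefix, the XOR layer and the key are assumptions for the demo (the page does not describe CoreEntity's real encoding), and the payload is a constructed MZ/PE stub, not an executable.

```python
import struct

BMP_FILE_HEADER = "<2sIHHI"       # magic, file size, reserved, reserved, pixel data offset
BMP_INFO_HEADER = "<IiiHHIIiiII"  # BITMAPINFOHEADER: size, width, height, planes, bpp, compression, ...
BMP_FILE_HEADER_SIZE = 14
BMP_INFO_HEADER_SIZE = 40


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_bmp(payload: bytes, width: int, key: bytes) -> bytes:
    """Constructed container standing in for what a bitmap-wrapping packer writes:
    a 4-byte little-endian length, then the payload, XOR-encoded with `key`, laid out
    as the pixel area of a 24-bit bottom-up BMP. Length prefix and XOR are assumptions
    for this demo, not CoreEntity's real scheme."""
    encoded = xor_bytes(struct.pack("<I", len(payload)) + payload, key)
    row_bytes = width * 3                       # 3 bytes per pixel (BGR)
    stride = (row_bytes + 3) & ~3               # each row is padded to a 4-byte boundary
    height = -(-len(encoded) // row_bytes)      # ceiling division
    rows = [encoded[r * row_bytes:(r + 1) * row_bytes].ljust(stride, b"\x00")
            for r in range(height)]
    pixels = b"".join(reversed(rows))           # positive height: rows are stored bottom-up
    offset = BMP_FILE_HEADER_SIZE + BMP_INFO_HEADER_SIZE
    file_hdr = struct.pack(BMP_FILE_HEADER, b"BM", offset + len(pixels), 0, 0, offset)
    info_hdr = struct.pack(BMP_INFO_HEADER, BMP_INFO_HEADER_SIZE, width, height,
                           1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels


def carve_pixels(bmp: bytes) -> bytes:
    """Pixel bytes of a 24-bit uncompressed BMP in top-to-bottom order with row padding
    removed. Getting stride and row order right is where hand-written unpackers fail."""
    magic, _, _, _, offset = struct.unpack_from(BMP_FILE_HEADER, bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP")
    _, width, height, _, bpp, compression = struct.unpack_from("<IiiHHI", bmp, BMP_FILE_HEADER_SIZE)
    if bpp != 24 or compression != 0:
        raise ValueError(f"unsupported bitmap: {bpp} bpp, compression {compression}")
    row_bytes = width * 3
    stride = (row_bytes + 3) & ~3
    bottom_up = height > 0                      # a negative height means top-down storage
    rows = [bmp[offset + r * stride: offset + r * stride + row_bytes] for r in range(abs(height))]
    if bottom_up:
        rows.reverse()
    return b"".join(rows)


def unpack_bitmap_payload(bmp: bytes, key: bytes) -> bytes:
    plain = xor_bytes(carve_pixels(bmp), key)   # trailing padding decodes to junk and is dropped
    (length,) = struct.unpack_from("<I", plain, 0)
    if length > len(plain) - 4:
        raise ValueError("declared length exceeds pixel data (wrong key or not this layout)")
    return plain[4:4 + length]


def looks_like_pe(blob: bytes) -> bool:
    """Sanity check on a carved blob: MZ magic and an e_lfanew that lands on the PE signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def make_fake_pe() -> bytes:
    """Constructed stand-in payload: a DOS header whose e_lfanew points at a PE signature,
    followed by filler. Not a runnable executable."""
    stub = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", stub, 0x3C, 0x40)
    return bytes(stub) + b"PE\x00\x00" + b"\x90" * 77   # odd total length exercises row padding


DEMO_KEY = b"\x5a\xa5\x3c"   # assumed key for the demo


def demo() -> bool:
    payload = make_fake_pe()
    bmp = build_bmp(payload, width=7, key=DEMO_KEY)
    recovered = unpack_bitmap_payload(bmp, DEMO_KEY)
    return recovered == payload and looks_like_pe(recovered)


if __name__ == "__main__":
    print("round trip ok:", demo())
```

Against a real sample the carve step is the reusable part: dump the Bitmap resource from the .NET assembly, run it through carve_pixels, and then recover the decoding routine from the packer's own code rather than assuming XOR; looks_like_pe is the quick check that tells you whether the decoded bytes are the next stage or still wrapped.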