General
Target: 8fccab27aa3dcbb5ed5ed962f25b2c7016536aaca3f2a5b0624ae2a8ac1c54ae
Size: 417KB
Sample: 220521-brkm1scch9
MD5: 71331cf654be64ea7bef3599880525de
SHA1: cb2921c53d7856eb9cde3dbba8ad7568f42fd387
SHA256: 8fccab27aa3dcbb5ed5ed962f25b2c7016536aaca3f2a5b0624ae2a8ac1c54ae
SHA512: 7d73466126e1221c16986f7a30e074b85ed0ed83153c06afac2966f82453be97586282f981867e2c102fff4ee0b60eb36b8e52c3341c168c3a466a30802cf3db
Static task
static1

Behavioral task
behavioral1
Sample: BANK DETAILS.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: BANK DETAILS.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: [email protected]
Password: mailppt2019-
Targets
Target: BANK DETAILS.exe
Size: 492KB
MD5: 8d51581d38bf6d814eeb107d8bb7056c
SHA1: cf22a586b7a298ab0032b20695902d43673d9c17
SHA256: 1ab6018047531cee5f411099f396fb8fcdf2c8c20062e9c33118726265ccd5fb
SHA512: 54588360eda1bd70c2b8da73297676d9bcbb6db0c56c49fa442308b7fdb1b2429586d9c7db5ccdcd23afc2d39fd5d2e40382faebbbe738ebdf363f13cd1cd563
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.

AgentTesla Payload

Disables Task Manager via registry modification

Drops file in Drivers directory

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext