General
Target: 8eaf735b18c3a1ebd7077eeac81457f1e7311114dd28604246728c4e02881f7c
Size: 432KB
Sample: 220521-brlv3scda3
MD5: 92e628a9e4771d284e294da1efc0fb22
SHA1: 0cb93fe207dd30288b0a826d4cdf6b9a209e7e98
SHA256: 8eaf735b18c3a1ebd7077eeac81457f1e7311114dd28604246728c4e02881f7c
SHA512: 7f4cdc0e95de6922895a51a3a5a1ee50e9a010862be9098293fa6bab6062649b88345266361bc79325757e0363c14aea7747ec59c97d19a659a022de669bf353
Static task: static1
Behavioral task: behavioral1
Sample: sales _pdf.gz.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: sales _pdf.gz.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: [email protected] (address obfuscated in the source)
Password: mailppt2019
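The extracted config is the most directly actionable part of the report: Agent Tesla sends its stolen credentials as e-mail through the configured SMTP account, so the host and port become network indicators. Because the session on port 587 is typically upgraded with STARTTLS, message content is not reliably inspectable; the matcher below therefore keys on the DNS resolution of the exfil host and on the destination address and port. This is an added example, not part of the sandbox report: the host and port are taken from the config above, the Zeek-like tab-separated column layouts (DNS_FIELDS, CONN_FIELDS) are assumed, and the log lines are constructed to exercise the logic.

```python
"""Detection logic built from the Agent Tesla SMTP config extracted above.

Added example; it is not part of the sandbox report. The host and port come
from the extracted config; the log lines below are constructed, and the
Zeek-like tab-separated field layouts (DNS_FIELDS, CONN_FIELDS) are assumed.
"""
from collections import namedtuple

# Exfiltration settings as reported in the "Malware Config" section.
AGENTTESLA_CONFIG = {"protocol": "smtp", "host": "mail.pptoursperu.com", "port": 587}

# Assumed column layouts for the two log types.
DNS_FIELDS = ("ts", "src_ip", "src_port", "dst_ip", "dst_port", "query", "answers")
CONN_FIELDS = ("ts", "src_ip", "src_port", "dst_ip", "dst_port", "proto")

# Constructed sample logs: one client resolves the exfil host and then opens a
# submission-port connection to the returned address; another host talks SMTP
# on port 25; the remaining line is ordinary HTTPS traffic.
SAMPLE_DNS_LOG = (
    "1653090001.10\t10.0.0.12\t51234\t10.0.0.1\t53\tmail.pptoursperu.com\t203.0.113.45\n"
    "1653090003.22\t10.0.0.12\t51235\t10.0.0.1\t53\tupdate.microsoft.com\t198.51.100.7\n"
)
SAMPLE_CONN_LOG = (
    "1653090002.00\t10.0.0.12\t49712\t203.0.113.45\t587\ttcp\n"
    "1653090002.50\t10.0.0.12\t49713\t198.51.100.7\t443\ttcp\n"
    "1653090005.00\t10.0.0.31\t49800\t192.0.2.9\t25\ttcp\n"
    "1653090006.00\t10.0.0.5\t49801\t192.0.2.9\t25\ttcp\n"
)

SMTP_PORTS = {25, 465, 587}

Alert = namedtuple("Alert", "severity src_ip dst_ip dst_port reason")


def parse_tsv(text, fields):
    """Split tab-separated lines into dicts keyed by the given field names."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def resolved_addresses(dns_rows, hostname):
    """Every IP the exfil hostname resolved to, so conn rows can be matched by IP."""
    wanted = hostname.lower().rstrip(".")
    ips = set()
    for row in dns_rows:
        if row["query"].lower().rstrip(".") == wanted:
            ips.update(a for a in row["answers"].split(",") if a and a != "-")
    return ips


def detect(dns_log, conn_log, config, mail_servers=frozenset()):
    """Return alerts for connections matching the extracted config.

    High severity: a connection to an address the exfil host resolved to, on
    the configured port. Low severity: any other outbound SMTP from a host that
    is not a known mail server (a hunting lead, not a verdict).
    """
    c2_ips = resolved_addresses(parse_tsv(dns_log, DNS_FIELDS), config["host"])
    alerts = []
    for conn in parse_tsv(conn_log, CONN_FIELDS):
        port = int(conn["dst_port"])
        if conn["dst_ip"] in c2_ips and port == config["port"]:
            alerts.append(Alert("high", conn["src_ip"], conn["dst_ip"], port,
                                "SMTP to extracted Agent Tesla exfil host " + config["host"]))
        elif port in SMTP_PORTS and conn["src_ip"] not in mail_servers:
            alerts.append(Alert("low", conn["src_ip"], conn["dst_ip"], port,
                                "outbound SMTP from a non-mail host"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_DNS_LOG, SAMPLE_CONN_LOG, AGENTTESLA_CONFIG, {"10.0.0.5"}):
        print(alert)
```

The low-severity branch is deliberately broad: in most networks only mail relays should initiate SMTP, so any other endpoint doing so is worth a look even when the destination is not the host from this report, and the `mail_servers` allowlist is what keeps that branch quiet.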
Targets
Target: sales _pdf.gz.exe
Size: 503KB
MD5: 561978ce5c5027ddd74ab9958c89569e
SHA1: dbf352dd70a714e9f1f0b03832c0eca8eab17754
SHA256: 34604c450edccb519e89347afd87707ca455038abfc2cc0e5b2919a4a677f93c
SHA512: b262294b164202685a9a6cf4b829bc2e2db820a254315bc1386e080c3617212673300d93a076ccef1d28c5e2ff5769c2d46eb1296a731e7edfaaaad0f6f14ca3
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; this signature describes it as written in Visual Basic (.NET). The extracted config above shows its exfiltration channel for this sample: SMTP through mail.pptoursperu.com on port 587.
CoreEntity .NET Packer
A .NET packer, called CoreEntity, that embeds its payload as a Bitmap object and decrypts it at runtime before execution.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Consistent with Agent Tesla's harvesting of stored mail-client credentials.
Suspicious use of SetThreadContext
Setting the thread context of another process is characteristic of process hollowing, where the decrypted payload is run inside a freshly created, suspended host process.
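The CoreEntity signature says the payload is stored as a Bitmap object and decrypted before use; recovering it means parsing the bitmap container, taking the raw pixel array and undoing the transform, then checking that the result is a PE image. The following is an added example, not code from the report or from the packer itself: the container parsing is standard BMP (BITMAPFILEHEADER plus BITMAPINFOHEADER), but the payload layout (a 4-byte little-endian length prefix inside the pixel array), the single-byte XOR key 0x5A and the fake_pe() stand-in for the real .NET payload are assumptions chosen so that the example runs offline. The real packer's cipher has to be recovered from the loader's decryption routine.

```python
"""Recover a payload hidden in a bitmap's pixel array.

Added example; not code from the sandbox report or from the CoreEntity packer.
Assumed for illustration: uncompressed 32-bpp BMP container, a 4-byte
little-endian length prefix, single-byte XOR with XOR_KEY, and a fake PE stub
standing in for the real payload.
"""
import struct

XOR_KEY = 0x5A  # assumed key; a real sample's key comes from the loader


def xor_bytes(data, key):
    """Single-byte XOR, the stand-in for the packer's decryption routine."""
    return bytes(b ^ key for b in data)


def fake_pe():
    """Minimal MZ/PE skeleton: DOS header with e_lfanew = 0x40, then 'PE\\0\\0'."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    hdr[0x3C:0x40] = struct.pack("<I", 0x40)
    return bytes(hdr) + b"PE\0\0" + b"\0" * 20 + b"fake-section-data"


def build_bmp(pixels, width, height):
    """Wrap raw 32-bpp pixel bytes in a BITMAPFILEHEADER + BITMAPINFOHEADER."""
    pixel_offset = 14 + 40
    file_header = struct.pack("<2sIHHI", b"BM", pixel_offset + len(pixels), 0, 0, pixel_offset)
    # biSize, biWidth, biHeight, biPlanes, biBitCount, biCompression (BI_RGB),
    # biSizeImage, biXPelsPerMeter, biYPelsPerMeter, biClrUsed, biClrImportant
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 32, 0,
                             len(pixels), 2835, 2835, 0, 0)
    return file_header + dib_header + pixels


def embed_payload(payload, key=XOR_KEY, width=64):
    """Packer side (assumed scheme): length-prefix, XOR, pad to whole rows."""
    blob = xor_bytes(struct.pack("<I", len(payload)) + payload, key)
    height = -(-len(blob) // (width * 4))  # ceiling division: rows needed
    pixels = blob + b"\0" * (width * height * 4 - len(blob))
    return build_bmp(pixels, width, height)


def extract_payload(bmp, key=XOR_KEY):
    """Unpacker side: parse the BMP headers, pull the pixel array, decrypt."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP container")
    (pixel_offset,) = struct.unpack_from("<I", bmp, 10)
    width, height = struct.unpack_from("<ii", bmp, 18)
    bpp, compression = struct.unpack_from("<HI", bmp, 28)
    if bpp != 32 or compression != 0:
        raise ValueError("expected an uncompressed 32-bpp pixel array")
    size = width * abs(height) * 4  # negative height means top-down rows
    pixels = bmp[pixel_offset:pixel_offset + size]
    if len(pixels) != size:
        raise ValueError("pixel array truncated")
    plain = xor_bytes(pixels, key)
    (length,) = struct.unpack_from("<I", plain, 0)
    if length > len(plain) - 4:
        raise ValueError("length prefix exceeds pixel data (wrong key or layout?)")
    return plain[4:4 + length]


def looks_like_pe(data):
    """Cheap sanity check on the decrypted blob: MZ header and PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


if __name__ == "__main__":
    packed = embed_payload(fake_pe())
    recovered = extract_payload(packed)
    print(len(packed), "byte bitmap ->", len(recovered), "byte payload, PE:", looks_like_pe(recovered))
```

The length-prefix check doubles as a key test: with the wrong key the decrypted prefix is garbage and almost always exceeds the pixel array, so `extract_payload` fails early instead of returning noise. For a real sample, replace `xor_bytes` with the routine lifted from the loader and feed the Bitmap resource pulled out of the .NET assembly with a resource-extraction tool.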