General
-
Target
81c5ba4cf759965ea48ecd717f58338ab07ff6c40e39be7838904c32333f41cf
-
Size
398KB
-
Sample
220521-bsbfqsfdfr
-
MD5
6825bff20ce80fb66b2ba5f437f8f5d3
-
SHA1
340029ad943cf796de30e69f2659756edfaad37b
-
SHA256
81c5ba4cf759965ea48ecd717f58338ab07ff6c40e39be7838904c32333f41cf
-
SHA512
cbd25a5633f9df8ade2eb446372a0828c024debfddf7cc3c6cbd448643c648d21590b29828d207ea14af8ed949ae5b8d592e33227ae9f5a36601cea4efcb02f1
Static task
static1
Behavioral task
behavioral1
Sample
Reff # PO_67574 SN-3945 187809.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Reff # PO_67574 SN-3945 187809.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Starboy@22
Targets
-
-
Target
Reff # PO_67574 SN-3945 187809.exe
-
Size
519KB
-
MD5
2937291b0e76f9710529d315a15b2ead
-
SHA1
4ed50482753f2f5001221c51b291247cd4cd9e58
-
SHA256
52076bdaeca2aec859341f506d295ab541af5f1454be18dbf869694b613395c7
-
SHA512
160197e2ef76d7628575a053b59fe92b97e002dae60fb19acbbd971b84395487d622d83c51ec2946e37af04596a27dd0e76e9389cbc60abcd0a745a4ff2f5938
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-