General
-
Target
7d21ce5280d075c160a1c4688ea3f3a1b9c0ab23bf551a6f457b3d04f7f8c5f0
-
Size
420KB
-
Sample
220521-bsjr4sfdgp
-
MD5
f02806d6a654cc8963f9e2a0ce5b52d3
-
SHA1
f8c015654ea8dfa1063b87b190703d24cdb98b12
-
SHA256
7d21ce5280d075c160a1c4688ea3f3a1b9c0ab23bf551a6f457b3d04f7f8c5f0
-
SHA512
52646857d2bdb11968706783c54c69f2a9ee1fad3f6bed6e1af690921994e7989720a6a884b898568f833159f01e91d029c08e71b16d85670c3e11a22cd0b6d3
Static task
static1
Behavioral task
behavioral1
Sample
PURCHASE ORDER KALI-1374W.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PURCHASE ORDER KALI-1374W.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pptoursperu.com - Port:
587 - Username:
[email protected] - Password:
mailppt2019-
Targets
-
-
Target
PURCHASE ORDER KALI-1374W.exe
-
Size
492KB
-
MD5
8d51581d38bf6d814eeb107d8bb7056c
-
SHA1
cf22a586b7a298ab0032b20695902d43673d9c17
-
SHA256
1ab6018047531cee5f411099f396fb8fcdf2c8c20062e9c33118726265ccd5fb
-
SHA512
54588360eda1bd70c2b8da73297676d9bcbb6db0c56c49fa442308b7fdb1b2429586d9c7db5ccdcd23afc2d39fd5d2e40382faebbbe738ebdf363f13cd1cd563
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-