General
Target: 05c734317f0e2207606025a52074d87d81d588977eb8bf218728f81b48a30c3b
Size: 428KB
Sample: 220521-byyhfsfgek
MD5: 3037116f3fb8c036281b9c2628f163a6
SHA1: 90d29c5565b0d114174d64e071920da48524e182
SHA256: 05c734317f0e2207606025a52074d87d81d588977eb8bf218728f81b48a30c3b
SHA512: 3ce23a44ea37f622ed9be170bbde61e71d0e4463eb8a6931d8e0b753ecefdf39b1e58fb8f857d802996ecce598f31ce92ce54a73b1e2066d630c2d5af180f187
Static task: static1
Behavioral task: behavioral1
  Sample: O_R_D_E_R JuneJuly Shipment.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: O_R_D_E_R JuneJuly Shipment.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: mkoify147@@@
Targets
Target: O_R_D_E_R JuneJuly Shipment.exe
Size: 510KB
MD5: 1c76f6f0ff84104e4113b0cc75a6c05c
SHA1: 578e85e628bf0d644798b2d5c7e0bcdb565cb0ee
SHA256: e1432f2dde886e737a5bf123c430c167c86285406b779fd67eaf4bf9c8fa7022
SHA512: b95960b92df3b308cfe56836bd7e5d7228abe7632fc4c76d5d7274f4fe7dc5c16e9da0210f5bb838b0e737e449c773833528072250503da7e89192a5e4d66095
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext