General
-
Target
c7ffd5bb2b4cb924adf4cfe2767399b63f593267cfa92428b5ebe701e24330db
-
Size
1.3MB
-
Sample
220521-bz9xwafhan
-
MD5
794adc8dbb6ad1e18f74361132d56c4e
-
SHA1
a4f8ffd9aaff1e8311823f982775ab3bde887eab
-
SHA256
c7ffd5bb2b4cb924adf4cfe2767399b63f593267cfa92428b5ebe701e24330db
-
SHA512
f3366e43f19ba76e7a85078d1154e65e4b7a88425ba0467fb2487e9de2233293601bd31a511fce8132060a85b8bbe6285a1d26ec62f7f0e334532426ba1da464
Malware Config
Targets
-
-
Target
PO_EAS20.SCR
-
Size
811KB
-
MD5
76fc894d97a27187c25f2044a41f7320
-
SHA1
d0a55d34a29b4af20f73655f8742a150c65fea48
-
SHA256
dc0ee2896b9e30407a4edba7bdb3d7660079e343bb9652793a2e97c52f25a660
-
SHA512
32bdb9096bf4e2511d83819c0578bf4c57e46a4336c1ec86b107d6716d0b04acda81d3632a9424efa35e89d99eb90e475c6b6dcdb4e54ae5f9993ad6430d0bfb
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-