Analysis
-
max time kernel
40s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
21-05-2022 02:42
General
-
Target
NEW PO -060746E7.exe
-
Size
411KB
-
MD5
1ce79c86bde0daf6fcebb4f81228c118
-
SHA1
ff3643ac0b1626472d23a09d7b603d457e811e5c
-
SHA256
2b969d8cdb8ebab56e42e08200126ecf287e3ce31245f7fb8563245cc53615de
-
SHA512
e761e0ece89802b07894af6f5780d374192a0a1575d34d07c5acf4226c74072af8b2823f8543702de7aad3c0f646fe0f5ed7d4e50db6022267e52cb9e192ba82
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
mail.pptoursperu.com - Port:
587 - Username:
[email protected] - Password:
mailppt2019-
Signatures
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer 1 IoCs
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload 4 IoCs
-
ReZer0 packer 1 IoCs
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEW PO -060746E7.exe"C:\Users\Admin\AppData\Local\Temp\NEW PO -060746E7.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"{path}"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
320KB
-
Filesize
320KB
-
Filesize
320KB
-
Filesize
320KB
-
Filesize
320KB
-
-
Filesize
440KB
-
Filesize
8KB
-
Filesize
32KB
-
Filesize
344KB