General
Target: 77b9395c31cfca9f231500bf7ffd47a758812225749d63bb896456034b532a1a
Size: 405KB
Sample: 220521-c7vnlaacbm
MD5: b95dbd196414391747bce8cd70d3eecc
SHA1: 442303024464b894bfcb9b4512b4568b48559612
SHA256: 77b9395c31cfca9f231500bf7ffd47a758812225749d63bb896456034b532a1a
SHA512: e6a6aa281ee351c0c587865f18c9e92bc2a84265de287d52b31da4f4453eff741e6119e02d14deee39c4bf287939c55299915a40061ef7efa2ae89fadac9a378
Static task: static1
Behavioral task: behavioral1
  Sample: D260170479,70254.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: D260170479,70254.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.israelagroconsultant.com
  Port: 587
  Username: [email protected]
  Password: israelagro@123
Targets
Target: D260170479,70254.exe
Size: 460KB
MD5: 814d60b47619ff47a081818e6d2fdb02
SHA1: 3356b6d7a362db8c0aa04afe798870aa6f9ae966
SHA256: e4392c3867a7b38a96f352f3249358e0144717bde4adf6473e5f994904a98bb3
SHA512: edabbcc51509ec59a908616d7d3b43f8e56f99a026e218b8fd6980de382618c83cd890a983a7774517d1853c356f8f6df19173976740a4f774bb0976c9bf43fa
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext