General
- Target: 75aa0deb50e9ac8cc58804d617c8e77a2bab40b584161102de178bdede912495
- Size: 389KB
- Sample: 220521-c8h17aacel
- MD5: 4be2fda97bd85430d6a5a7a58e52d6c0
- SHA1: 2b6b1232263ed68bc702f4d592bac9692e2a9648
- SHA256: 75aa0deb50e9ac8cc58804d617c8e77a2bab40b584161102de178bdede912495
- SHA512: b48a78122617992bc8c2fe12903a90376ce2dab330432966c52793c36fc898f1f3db8188e9bf1c4bd7fa349e8be7893f64f3c8f583b3939ca42775c7bedd3127
Static task
- static1
Behavioral task
- behavioral1
- Sample: TT- Swift Copy.pdf.exe
- Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.hotel71.com.bd
- Port: 587
- Username: [email protected]
- Password: 9+^va&phP1v9
Targets
- Target: TT- Swift Copy.pdf.exe
- Size: 411KB
- MD5: cff3e5019bd36f4a7596fe229c9e6a2f
- SHA1: b7d7e42f24cb3c3ef10497a64398a888790dcbb0
- SHA256: 9950693e7a2ed5a37008ea3a7c2a185132af4f3fedfbbba41fb03939dadb8044
- SHA512: 67e13ab5417c8751b956fd429b13fe11291d0263699c4e8f253b7ab4e266b4b2afb1411ed0907b69d84c549d03c7f5398ff885d864899d743d200f7a222b5031
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext