General
Target: efca87946f7d8ed91396af70c51417bb8e64b7d4945dd6b719ac3e9208ee60a3
Size: 397KB
Sample: 220521-ca8h7agfap
MD5: 99f49dbdf398f322a16959a99f9f68a0
SHA1: 7785f662a45a066c58dde8fa23cd454bd57d9781
SHA256: efca87946f7d8ed91396af70c51417bb8e64b7d4945dd6b719ac3e9208ee60a3
SHA512: 697f2830e3c0456c799725b141fc70daf5cd645a469296743d5e5379f2fc28b7fdfddc125b05fd652d5c5525be47cd09c038ec898ffe8c88a7a1dc10ee2dd7a4
Static task: static1
Behavioral task: behavioral1
  Sample: Akbank Hesap Özetiniz.pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Akbank Hesap Özetiniz.pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: macdonaldwene@yandex.com
  Password: ukingzbaba
Targets
Target: Akbank Hesap Özetiniz.pdf.exe
Size: 492KB
MD5: cb16b2a3c36ee406f5519a17a346ef1c
SHA1: e54cc3b6455849ae037937e46e83c6934ee69573
SHA256: c77f6f00489f6a1270a3e1f783f53d9eb710f2ca615ab8f98dae03ea036794cf
SHA512: 139eb98078452c8862e06e28ff55c874f3d5ac259b9b73acf0cdeac110cbcd7321fc8ee23089511e39177f33bc49aecde8e9223182d208179ca541e3b7f8e45e
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted at runtime.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext