General
Target: e135bfe8e4f06d55fb579924d4b5783bfbc8ab29566141ae2890d6a17463c658
Size: 566KB
Sample: 220521-ceplwadgc9
MD5: ee35642d423168313ba26cfdaae7a204
SHA1: e2f10815a7e1081acc8ab6e27f0a2f2b113f4d7f
SHA256: e135bfe8e4f06d55fb579924d4b5783bfbc8ab29566141ae2890d6a17463c658
SHA512: cec35cecc45edad1465ec1f66a07bf0299bbb0424d62163eabeeaaf409c087d7b8afa4e625e52b81cc36b9c59e51f98910ef6a9d7f1f2b606674a895e934161e
Static task: static1

Behavioral task: behavioral1
Sample: Order_list for Quote.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Order_list for Quote.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.mosaiclayouts.com
Port: 587
Username: [email protected]
Password: UY$W4+]^+9;)7CF5
Targets
Target: Order_list for Quote.exe
Size: 504KB
MD5: 44f7145fac997f144a95bba1213c319a
SHA1: 2e917b9ed34e878a96a62b5c00882e249fa53dea
SHA256: f4d9dcad2e93b4affe2794ceda8a78fbed46306127727eea472431e49d567c77
SHA512: 5ebd3db9edceda20663506182381e248dabc87cab9842004f4c93fa64d3e12f4ff51a5f246669bff91a79e9918b95630eda67866157b4817bf7fa608d488d0b8
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext