General
-
Target
daf79ca1365100618e6b5ab5267e3503245d3fa2b5c799faf5d3c4169c0e36e0
-
Size
476KB
-
Sample
220521-cf4gesdgh3
-
MD5
90a0d04061e12904ddb246e30633c8d9
-
SHA1
e3c8d048be97114a1372fabce14ffadd0214eadf
-
SHA256
daf79ca1365100618e6b5ab5267e3503245d3fa2b5c799faf5d3c4169c0e36e0
-
SHA512
268e0e840a41949f57b9bd59e0f88a4e7ff59e3b9b1177983963e20c66ba8a6de9ae877959bb433fb86cad1fc5d73f231099f441cebb8c26eca99135069b8cba
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.hotel71.com.bd - Port:
587 - Username:
[email protected] - Password:
9+^va&phP1v9
Targets
-
-
Target
Shipmment Details.doc.exe
-
Size
593KB
-
MD5
2cdfc23862dd7eaad438857cf157e927
-
SHA1
ddefd21c0fddc8b5d85bde29f9cebfc48a2b5ba4
-
SHA256
a18085ac71d9d467d624492a847de1e7b6f7d4439ac496acbc67e28977e60606
-
SHA512
0ccb890011e9b2d27a5035fd8a088e84b0ce6d74f3645a11f3aa39753c972f707d56f85c141f40a5be4b2273bc481e0cd1e6acb31cdb1151d5dfc9d135d31deb
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-