General
Target: d22ccf0e5c5662dd86203cde0a3e9b2fbfca178f7853fad379283b6f0a039faf
Size: 457KB
Sample: 220521-ch5ghahaar
MD5: 3d0e1c2c0e6fa4372a4c8e31bbad6b6d
SHA1: 00b05c3c80c2562eeb3c1b41ed64623cbe9f9453
SHA256: d22ccf0e5c5662dd86203cde0a3e9b2fbfca178f7853fad379283b6f0a039faf
SHA512: 862c576a9176d0dfa2fdea4d39c1a5984afdd294f7056adaf97822bdcf80af95cae1cb3f12e294a21ce28004a04eb669768a0a63e6d7ec725081bbf947908175
Static task: static1
Behavioral task: behavioral1
Sample: opo (1).exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.cpworldindia.com
Port: 587
Username: [email protected]
Password: bopo@2014
Targets
Target: opo (1).exe
Size: 500KB
MD5: 6f366f6932afabce27a09613f221fe7d
SHA1: 4795261b97ca244bef5a007e2bcce74350a091eb
SHA256: f35fa2a6281a2a24016729d315083a638edf176a890a605dba2ac134e1733bb3
SHA512: 8d063bb927760a9b3ad435162b3b97f0ccd824e6aaa96e97baa71460b29ae12388399138a0862e79d5754f1056e2e8ee5cd09ec91d02fdc3ee8578ca089ac651
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext