General
Target: cfaa07a65524716f01de1841b46c84afa1be4b2679251cfd153cc652a4d2e0ff
Size: 390KB
Sample: 220521-cjnkdaeaa8
MD5: 36cdd81355642b1aa284f31bee867886
SHA1: 6b5a7b8b4ba8ca82d175c6df8c0d6617ff4a3fcf
SHA256: cfaa07a65524716f01de1841b46c84afa1be4b2679251cfd153cc652a4d2e0ff
SHA512: bbfeb085969a28d860f1d5ea40f2dcde0e6e90c1f80592022fc283f1c5ea78ab0628fba6c8ad67f9f0e7cad865660fe14bf8351f0cef9c5f45a1b1b151126a9a
Static task: static1
Behavioral task: behavioral1
Sample: 000028990022201_S.05.12.2020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 000028990022201_S.05.12.2020.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.elhelado.com.mx
Port: 587
Username: [email protected]
Password: 4042Ad@+
Targets
Target: 000028990022201_S.05.12.2020.exe
Size: 447KB
MD5: 911395d838df7e2a013290724591638e
SHA1: 6921fb84679f374c6d0c1e0eda678922bfe736eb
SHA256: 17c3a3aabe85b35b68b3376bf9470d45770dab07460b139ba25c1c31c76297fb
SHA512: 4ba1f3b881c6bd66f497bc9c95306e1507c4dacef4b01b0798b8d950486d0d9ee33368e7b6ea9a0bae945bee8bc84c9a5e0f408bbb065163ed71c32a712e9383
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext