General
Target: c90f8b71831759ad90838a68b67b6f307810193988878a021785d99930f47b08
Size: 380KB
Sample: 220521-clafjahahp
MD5: 212c5d0d4ad690704a13f167502c622a
SHA1: 5527cc7238aded5abf0e75bc5a704fcf35988eaa
SHA256: c90f8b71831759ad90838a68b67b6f307810193988878a021785d99930f47b08
SHA512: d5e97c915388d65b8ad3695a6f5141c5472a6628734accbe37127eddd82dc82abb626e8acc957d3243f7799d69be902cd6901bb78ad39e127136d76650dc4681
Static task: static1
Behavioral task: behavioral1
  Sample: BANK DETAILS.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: BANK DETAILS.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.pptoursperu.com
  Port: 587
  Username: [email protected]
  Password: mailppt2019-
Targets
Target: BANK DETAILS.exe
Size: 414KB
MD5: e31fab9d8d4a78dd347a2386bb32349f
SHA1: c9ca9f887d9d6e9de29201e203defd6bb62458c9
SHA256: 786be13603b06cce80fac1349c514e29ecd2664a51f045bc5446d2f9647087ec
SHA512: 3b3cd86d0067872b0375452020ecc2e3c6a9fb34a6ec741077ae5d680494b4c96fee890c57edb4cf828cb57e035ef6f0ed6683ef8c94fb1405647e10daf8ca59
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext