General
Target: c6d3f058ae3d3d3609586acdd1fc51d20071dbd048975ca9959fb3d0ec7b7870
Size: 506KB
Sample: 220521-clpkfshbbl
MD5: f6f1c9e6cacd63700093fb62b0246961
SHA1: e34a536a97224300ff192fad530422feccec47fc
SHA256: c6d3f058ae3d3d3609586acdd1fc51d20071dbd048975ca9959fb3d0ec7b7870
SHA512: aef0520c32c99b7ed9a1ea18fcd3336bb464babfd70f6811e71b58dfa8cca205d1853ed0b0e4d52a7250cd573363711a05a40fc676b655019be06b6d97056623
Static task: static1
Behavioral task: behavioral1
Sample: payment slip.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: payment slip.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Blessed000@
Targets
Target: payment slip.exe
Size: 903KB
MD5: e44da520fb1bd768b2ecb9de8d4f9af0
SHA1: c736083b2ad0e8b342da8dd18da3f0f65ee2aff8
SHA256: 9e4a0e9ca5fc3d99fa1910cd19bd8db39c79ba01320341e5c9ce30ecff9ecdd3
SHA512: e2a3395e6418bdd310044aecd9bfba0d5416c4ebdac0df1991dafc91a09bcbcee3a726845c6b1d42abf95629b73fc22496deb882d74724e6ab7cd1ed878304d9
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is decrypted at runtime.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles