General
-
Target
b04dc35a8144fff2f2506da1a61471a505f84832545c96bd2e2d3d741a2eafb1
-
Size
409KB
-
Sample
220521-cr3n9sedd2
-
MD5
d206a1ea8494b65cc919fd2d816b443a
-
SHA1
987ccf65c32c365028d1f6bb6ef41a20ed9e068a
-
SHA256
b04dc35a8144fff2f2506da1a61471a505f84832545c96bd2e2d3d741a2eafb1
-
SHA512
4a114c24cf2341821fcdb1b958c1fe305ca495fcfc1292e8c81ccff9943821683de140de56e5f1c7124f41506f3144c1695a749351954891bbb4bf1388ef0929
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cpworldindia.com - Port:
587 - Username:
[email protected] - Password:
bopo@2014
Targets
-
-
Target
Swiq7jfYQ3Wi3x8.exe
-
Size
502KB
-
MD5
a6acb89b4a2941b7060b006034447d96
-
SHA1
87692775b716269bce60515041030854aabbafa7
-
SHA256
3168af462696c8edf2bb2ab1537782ca60135573d977c6d3264ca2069871d9b5
-
SHA512
ffb9e8c7ba28575930f58999254ae06a2042011457ac1ae8860e083139b36a8e6069e6a3bfe9aca666728cffcb82378ec18c11223e97d1eb5505befd4ec2f870
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-