General
-
Target
b1400605c43b2ecb15fca9132f558cc4aafa2e78058e52d9929b9b0a0cb6972b
-
Size
464KB
-
Sample
220521-crpseaedc2
-
MD5
41da54b45240eefd65e469b18e1e30c8
-
SHA1
790fb8397c853eee9e82c7d689ab87ffa680bfc1
-
SHA256
b1400605c43b2ecb15fca9132f558cc4aafa2e78058e52d9929b9b0a0cb6972b
-
SHA512
3c18585216619eea46743121c1c5e31f3e30f9c69ee76348ec09780d5f9eb331d8a9fc38e2b083e11c5e8c23021efe8dc39b180c566c0cc870b661a10483acaa
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pptoursperu.com - Port:
587 - Username:
[email protected] - Password:
mailppt2019-
Targets
-
-
Target
BANK DETAILS.exe
-
Size
592KB
-
MD5
d8c4f79c53e551b8fc73c4411996d907
-
SHA1
99630818dff1e7b6f5ef56b766d70ba12411c5ee
-
SHA256
a083e924898a75762310530246d06bdadd4507aa660a62a9e5913c7862ba0152
-
SHA512
e8351ebbe95efb29b5207960436dd27ec913d6eeafe16f7a59131a7e9ecb6c56bc1f29ea15376d975d1a7a6c236d6fadaeddae970f86923dd7c38ca317452cb6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-