General
Target: 9fd56f100c6f272c033ab5a942bffcc3b47d87816c72bfcd4ad6bb2d78e29f10
Size: 486KB
Sample: 220521-cw1epshfgm
MD5: 3572eab5103e607c7b61ce95a7916091
SHA1: b136e11501c9811838158baea19cf7cfcec6907c
SHA256: 9fd56f100c6f272c033ab5a942bffcc3b47d87816c72bfcd4ad6bb2d78e29f10
SHA512: 9e8111da29c5b709666905f817f8992b0906dc1c28406f5fee4fc909e1ff9f2b019ae1da99d8ba9a04ac48dbcc736c7907fcc5d48e83d880d103a8c727e1527c
Static task: static1
Behavioral task: behavioral1
  Sample: TT COPY.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: TT COPY.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
Note: port 587 is the SMTP submission port, so this is an outbound mail exfiltration channel rather than a listener; the host name and the mailbox account are the indicators to block and to hunt for in mail and proxy logs.
Targets
Target: TT COPY.exe
Size: 540KB
MD5: 8cb73260e8cc3d0f51da164e2f30f9db
SHA1: 956cdf7991eff9c64e6d2b9148bec190f347f908
SHA256: 89080cc94eae4cab0a8d50729214296a16767368c12a4f679baab998fad152fc
SHA512: fb173cf6d551e2e223010cf2180bdaa289ee1f531c64345663caed9496ee59f9edaf6fb18028516f37b805e0b57522b63ab858578705431a891dfbc8ea92a2e9
Note: these hashes and this size differ from those under General, so the submitted object and the analysed executable are distinct files; use the SHA256 above when hunting for the executable itself.
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (originally Visual Basic .NET). It harvests credentials and keystrokes from the host and sends them out over channels such as the SMTP account extracted above.
CoreEntity .NET Packer
A .NET packer called CoreEntity, which embeds the payload as a Bitmap object and decrypts it at runtime before handing control to the unpacked payload.
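The CoreEntity description says only that the payload sits inside a Bitmap object and is decrypted later; the report does not say which cipher. The script below is an added example, not the packer's code and not from this report: it assumes a single-byte XOR purely to exercise the generic carve-and-verify workflow (pull the pixel array out of the BMP container, try candidate keys, accept a decode only when an MZ header's e_lfanew lands on a PE\0\0 signature). The fake PE stub and the BMP it is wrapped in are constructed test input; in a real case you would replace the XOR loop with the routine lifted from the unpacker stub in dnSpy and confirm the row order it reads pixels in.

```python
import struct

XOR_KEY = 0x5A  # assumed cipher for this demo only; not CoreEntity's real scheme


def make_fake_pe(body_len: int = 64) -> bytes:
    """Minimal MZ/PE header stub so the carver has something real to find.
    Constructed test input, not a real executable."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)  # e_lfanew -> PE signature at 0x80
    return bytes(hdr) + b"PE\0\0" + b"\xCC" * body_len


def build_bmp(pixels: bytes, width: int = 50) -> bytes:
    """Wrap raw bytes into a 24-bit BMP, padding each row to 4 bytes as the format requires.
    width=50 gives 150-byte rows padded to 152, so the padding path is exercised."""
    row = width * 3
    row_padded = (row + 3) & ~3
    height = -(-len(pixels) // row)  # ceiling division
    body = bytearray()
    for r in range(height):
        chunk = pixels[r * row:(r + 1) * row].ljust(row, b"\0")
        body += chunk + b"\0" * (row_padded - row)
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(body), 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(body), 0, 0, 0, 0)
    return file_hdr + info_hdr + bytes(body)


def bmp_pixel_bytes(bmp: bytes) -> bytes:
    """Pixel array with per-row padding stripped, concatenated in file order."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP")
    off = struct.unpack_from("<I", bmp, 10)[0]
    width, height = struct.unpack_from("<ii", bmp, 18)
    bpp = struct.unpack_from("<H", bmp, 28)[0]
    row = (width * bpp + 7) // 8
    row_padded = (row + 3) & ~3
    return b"".join(
        bmp[off + r * row_padded: off + r * row_padded + row] for r in range(abs(height))
    )


def carve_pe(data: bytes):
    """Try every single-byte XOR key; return (key, payload) for the first decode in which
    an MZ header's e_lfanew points at a PE\\0\\0 signature, or None if nothing fits.
    The returned payload runs to the end of the pixel data; the true image size would
    be read from the PE optional header in a real unpacker."""
    for key in range(256):
        dec = data.translate(bytes(i ^ key for i in range(256)))
        idx = dec.find(b"MZ")
        while idx != -1:
            if idx + 0x40 <= len(dec):
                e_lfanew = struct.unpack_from("<I", dec, idx + 0x3C)[0]
                sig = dec[idx + e_lfanew: idx + e_lfanew + 4]
                if 0x40 <= e_lfanew <= 0x400 and sig == b"PE\0\0":
                    return key, dec[idx:]
            idx = dec.find(b"MZ", idx + 1)
    return None


if __name__ == "__main__":
    payload = make_fake_pe()
    bmp = build_bmp(bytes(b ^ XOR_KEY for b in payload))
    result = carve_pe(bmp_pixel_bytes(bmp))
    if result is None:
        print("no PE found in pixel data")
    else:
        key, pe = result
        print(f"recovered PE with key 0x{key:02X}, {len(pe)} bytes, starts {pe[:2]!r}")
```

The e_lfanew sanity window (0x40..0x400) and the PE signature check are what keep a 256-key brute force from producing false positives on random-looking pixel data; a bare `MZ` search alone fires constantly.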
AgentTesla Payload
- Disables Task Manager via registry modification (the DisableTaskMgr policy value)
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (credential harvesting from stored mail accounts)
- Adds Run key to start application (persistence across logon)
- Suspicious use of SetThreadContext (typical of injecting into a suspended process, i.e. process hollowing)
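A small triage script, added here as an example and not part of the report or of any sandbox's own code, that turns the behavioural signatures listed above plus the extracted SMTP C2 into rules and runs them over an event stream. The event records and their field names (`type`, `path`, `value`, `host`, `port`) are constructed for this example; map your sandbox's JSON fields onto them.

```python
import re

# Network indicators from the extracted AgentTesla config in the report above.
# The account credentials are deliberately not reproduced; host and port are
# enough to flag the exfiltration channel.
C2_HOST = "mail.microtechlab.in"
C2_PORT = 587
C2_RULE = "AgentTesla SMTP exfiltration to extracted C2"

# Constructed sample events. They are NOT taken from the report; they mimic the
# registry/file/network stream a sandbox records for a run, with two benign
# events mixed in so the rules can be seen not to over-match.
SAMPLE_EVENTS = [
    {"type": "registry_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "value": 1},
    {"type": "registry_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\TT COPY",
     "value": r"C:\Users\user\AppData\Roaming\TT COPY.exe"},
    {"type": "file_create", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "registry_query",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "network_connect", "host": "mail.microtechlab.in", "port": 587, "proto": "tcp"},
    # benign noise
    {"type": "registry_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "value": 2},
    {"type": "network_connect", "host": "www.msftconnecttest.com", "port": 80, "proto": "tcp"},
]

# Outlook profile containers for modern Office (Office\<ver>\Outlook\Profiles)
# and the legacy Windows Messaging Subsystem location.
_OUTLOOK_PROFILES = re.compile(
    r"\\(office\\[0-9.]+\\outlook|windows nt\\currentversion\\windows messaging subsystem)\\profiles\\"
)


def _path(event):
    """Normalised, lower-cased path for registry/file events (empty for network events)."""
    return str(event.get("path", "")).replace("/", "\\").lower()


# (signature name as listed in the report, predicate over a single event)
RULES = [
    ("Disables Task Manager via registry modification",
     lambda e: e["type"] == "registry_set"
     and _path(e).endswith("\\policies\\system\\disabletaskmgr")
     and e.get("value") == 1),
    ("Adds Run key to start application",
     lambda e: e["type"] == "registry_set"
     and "\\software\\microsoft\\windows\\currentversion\\run\\" in _path(e)),
    ("Drops file in Drivers directory",
     lambda e: e["type"] in ("file_create", "file_write")
     and "\\system32\\drivers\\" in _path(e)),
    ("Accesses Microsoft Outlook profiles",
     lambda e: e["type"] in ("registry_query", "registry_set")
     and _OUTLOOK_PROFILES.search(_path(e)) is not None),
    (C2_RULE,
     lambda e: e["type"] == "network_connect"
     and str(e.get("host", "")).lower() == C2_HOST
     and e.get("port") == C2_PORT),
]


def match_signatures(events):
    """Map each signature name that fired to the events that triggered it."""
    hits = {}
    for name, predicate in RULES:
        matched = [e for e in events if predicate(e)]
        if matched:
            hits[name] = matched
    return hits


def is_agenttesla_like(events):
    """Contact with the extracted C2 plus at least one host-side behaviour from the report."""
    hits = match_signatures(events)
    return C2_RULE in hits and any(name != C2_RULE for name in hits)


if __name__ == "__main__":
    for name, evs in match_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for ev in evs:
            print("    ", ev)
    print("verdict:", "AgentTesla-like" if is_agenttesla_like(SAMPLE_EVENTS) else "inconclusive")
```

The C2 rule is the anchor: the host-side behaviours above are shared with many commodity stealers, whereas a connection to the extracted SMTP host on 587 ties a run to this specific configuration, which is why `is_agenttesla_like` requires both.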