General
Target: 99d623f75a541bd87a9d583720ee08b02de86b85c8534c6d36cfd7345b4347da
Size: 375KB
Sample: 220521-cx9d1aeff4
MD5: bd40f295fda4b533b9ed1fd0f514ba00
SHA1: 1637860c3334c054c4e4f35d5de708871ad9ea56
SHA256: 99d623f75a541bd87a9d583720ee08b02de86b85c8534c6d36cfd7345b4347da
SHA512: 5cbfdc793e1a41f7bdb09f3b64a88d4b2681e4e4d8670a1fb056c55cb46531b0f142ac6e6ab30d89ab2a151424d7cec409e19a14c7c6c2387b17b3f704287d78
Static task: static1
Behavioral task: behavioral1
  Sample: proformainvoice.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: proformainvoice.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: atn-com.pw
Port: 587
Username: [email protected]
Password: SjNfuyaT
Targets
Target: proformainvoice.exe
Size: 408KB
MD5: 972a096d897c2cce9887d32209f61959
SHA1: c6adcae4ed08b25063c0df24bb67b1f772ac011f
SHA256: a55012ee806885f057a2317d3bf72f3b7e43a77c1d1d75f142b73676ec52c6c4
SHA512: 8a85793223889910e986bda8004cf47004171f11302d08f577182f937900baaf5bb31084c8608013ab1ff820a67648615750163be7597ecf8b2b766d33c2f9bf
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- CoreCCC Packer
  Detects the CoreCCC packer used to load .NET malware.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext