General
- Target: 0e09a12b91ec3a3b40949222f2177ac2669a9b569533aaf1444db229234c4c51
- Size: 381KB
- Sample: 220521-d2pe3agfh4
- MD5: d5c452ee2f616ed3681125ba036a236c
- SHA1: 095f8840c2de15c92f2e58d171093ee4c8c7a1d1
- SHA256: 0e09a12b91ec3a3b40949222f2177ac2669a9b569533aaf1444db229234c4c51
- SHA512: 591b3b768eafc6b02bdfe94ef843f116edce44871e2a292cceaa194e0b3a2d00d9e358fb5f6790eec9df6d06910616421c6bac07b4e934253e8fc8064f350c1f
Static task: static1
Behavioral task: behavioral1
- Sample: INVOICE NO#2058,2057.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: INVOICE NO#2058,2057.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: evescofield@yandex.com
- Password: Everest10
Targets
- Target: INVOICE NO#2058,2057.exe
- Size: 404KB
- MD5: 0786d4fc24443f2b8ff0e0b64fd3bea2
- SHA1: 873d84cca9be2c0783480d6ddd80e7fb87ad5917
- SHA256: c715a1f063c00f968ee5f5134a8bc089a336784c534bb006c1559be01ad5c35a
- SHA512: 0bb6f61429eb7bd0c399264c985763b133fea5606637d7950610de51a9da6cd9d0af7f311cd49f15bb6a78c14971d527590d8b416c0e69a131ec723d9d6174c5
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext