General
- Target: 0de8dced64072d768872c072a3f28906bcecb444324819ddc6e367f643f24e1a
- Size: 402KB
- Sample: 220521-d2qywsbfgr
- MD5: ed11a055f368ef7d220d5ce9f95be07a
- SHA1: e5b2bc2c34ee209ef9a3f68d7b91655d01baa6f1
- SHA256: 0de8dced64072d768872c072a3f28906bcecb444324819ddc6e367f643f24e1a
- SHA512: c783f21f6aa0ec333ed56d9c1b0481299ba4dd48ba1150126ba982c7bdfeca7c26f8e2aa4b9b039b28c40955df02d6eadf33b64172896f0fd4f259ca287b0b9a
Static task
- static1
Behavioral task
- behavioral1
  Sample: 0030294009841121_05_14_2020.exe
  Resource: win7-20220414-en
Behavioral task
- behavioral2
  Sample: 0030294009841121_05_14_2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.elhelado.com.mx
- Port: 587
- Username: servicio@elhelado.com.mx
- Password: 4042Ad@+
Targets
- Target: 0030294009841121_05_14_2020.exe
- Size: 507KB
- MD5: e14e866146e8241793c2b77aa109b86a
- SHA1: ea6dd9fb056858f2312c976399169cecda46cfaf
- SHA256: 54c5c6ca1ecad5ee8aa26e23810788aafd5b7a2b643b621bf372a2ee75dcc522
- SHA512: 734ef5de33f010f71462455f3ab91f30e8200c4eece72f7f76d0c96b03105007fc8a7266e5a1b0b4380e964bda34839a78981bc0764c44e54ac53b125e12331e
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- AgentTesla Payload
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext