General
Target: 0d2671309e0ab3c8145965e9d11bfa16c5f8e21990c92cb692d904ece10bb48f
Size: 389KB
Sample: 220521-d2wt5sbfhl
MD5: 9d79f892d819742209d8cc054aa0d8a1
SHA1: 293c04a6ae71733ce0ad5af780c10ebe0adee2a4
SHA256: 0d2671309e0ab3c8145965e9d11bfa16c5f8e21990c92cb692d904ece10bb48f
SHA512: 0f168a008214844905f8044297b1393f256ef5250f61099446bc12dec504223528600cf6ef126395408a0e0c13ac5071a31a01d5f9a31c2f64b0c480bae20f8c
Static task: static1
Behavioral task: behavioral1
Sample: LEGAL ACTION ON YOUR COMPANY FOR LONG OVERDUE INVOICE.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hotel71.com.bd
Port: 587
Username: chat@hotel71.com.bd
Password: 9+^va&phP1v9
Targets
Target: LEGAL ACTION ON YOUR COMPANY FOR LONG OVERDUE INVOICE.exe
Size: 411KB
MD5: cff3e5019bd36f4a7596fe229c9e6a2f
SHA1: b7d7e42f24cb3c3ef10497a64398a888790dcbb0
SHA256: 9950693e7a2ed5a37008ea3a7c2a185132af4f3fedfbbba41fb03939dadb8044
SHA512: 67e13ab5417c8751b956fd429b13fe11291d0263699c4e8f253b7ab4e266b4b2afb1411ed0907b69d84c549d03c7f5398ff885d864899d743d200f7a222b5031
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext