General
Target: 07c423dd3656ef72863928c5e4b796d02b932a06c333771c9c03da68b94bd3e4
Size: 405KB
Sample: 220521-d3936abgfj
MD5: dab7114fc7fbb2f5ed40868cfb9dbaae
SHA1: 07196f252a15b5429515a27de4278f0e87c7c47b
SHA256: 07c423dd3656ef72863928c5e4b796d02b932a06c333771c9c03da68b94bd3e4
SHA512: f5ea636c64f9a4533f65e43c967a84c9828c0980c0bf7fda04129662888c928217e9dd2de5594fe474711ba689cfcc67577389a9787d9c633d0529eaf5ac9c0b
Static task: static1
Behavioral task: behavioral1
  Sample: SCAN4396_000.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: SCAN4396_000.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.israelagroconsultant.com
Port: 587
Username: info@israelagroconsultant.com
Password: israelagro@123
Targets
Target: SCAN4396_000.exe
Size: 460KB
MD5: 814d60b47619ff47a081818e6d2fdb02
SHA1: 3356b6d7a362db8c0aa04afe798870aa6f9ae966
SHA256: e4392c3867a7b38a96f352f3249358e0144717bde4adf6473e5f994904a98bb3
SHA512: edabbcc51509ec59a908616d7d3b43f8e56f99a026e218b8fd6980de382618c83cd890a983a7774517d1853c356f8f6df19173976740a4f774bb0976c9bf43fa
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext