General
Target: 0a353ef346b1c2ecbfd2cda35040b6b5e9853dd60e1cb06f1286eed10463829d
Size: 451KB
Sample: 220521-d3hnxaggc4
MD5: 2f7bea0577115f7682c9895d2a5f4426
SHA1: fb5e639c90562cdc70418a414baf2039f9d5f9fa
SHA256: 0a353ef346b1c2ecbfd2cda35040b6b5e9853dd60e1cb06f1286eed10463829d
SHA512: 5d7b93233666af93aa4c9eecac6ae6dc875a6c7d8a8c271f832b1dde2830d0f6b163f80dbb48798a450a6cfaa9513ce16f14c1259a85dc7b8093e1e029f3aca7
Static task: static1
Behavioral task: behavioral1
Sample: Order 1097 SOC 0057-20 - LK- 195-18 A05XXT00INFOCC.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Order 1097 SOC 0057-20 - LK- 195-18 A05XXT00INFOCC.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: microft@eusuppliers.info
Password: !4U9j9yMSn=G
Targets
Target: Order 1097 SOC 0057-20 - LK- 195-18 A05XXT00INFOCC.exe
Size: 539KB
MD5: 187d6f52c1fb597a5b23b0abca7727e1
SHA1: cb5a7cdbe04c2c1106603a290e272ad48090e015
SHA256: cee75468b5e72c5859de410468220a3d897b5eea8cd633fac8db04ad90d48e3f
SHA512: ba7998457a26a725de89dde626d47b274c3d29fd8e6815837730e7903716ec7c51183e0e68226bef18a1bc6f78cf5e48380451588dff76bf4b4b2be645c3b5b7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted at runtime.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext