General
Target: 08c1acc233ffbfbd00d3a1a96423dda03e9012ce04d064b56c6df47d0a4baa49
Size: 377KB
Sample: 220521-d3zx7abgdr
MD5: ac0b9fa3eaf901797a96e4c4a0b6b44c
SHA1: 35e8d896d6b70458f59ac2469fc452be82ab8529
SHA256: 08c1acc233ffbfbd00d3a1a96423dda03e9012ce04d064b56c6df47d0a4baa49
SHA512: 8cd16287392380907ffe5615e253fed136c84de92ded2e32c5abce6330351dde46e976d7f516887b6daf144e0fe494ad10d77abb074fd0ca72ad6985b7b7a0db
Static task: static1
Behavioral task: behavioral1
  Sample: OC_Y9057241738.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: OC_Y9057241738.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.gfaqrochem.com
Port: 587
Username: turkey@gfaqrochem.com
Password: FkbjX@(6
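The extracted SMTP configuration is the most actionable part of the report for a defender: the host and the AUTH identity are specific to this campaign, while port 587 on its own is just the standard mail submission port and would match legitimate traffic. The following is an added example, not part of the sandbox report, that derives network indicators from the config above and runs them over a few constructed Zeek-style JSON events. The event shape, source and destination IP addresses and the recipient address are assumptions made for illustration.

```python
import json

# SMTP exfiltration settings as extracted by the sandbox (values from the report above).
AGENTTESLA_SMTP = {
    "host": "smtp.gfaqrochem.com",
    "port": 587,
    "username": "turkey@gfaqrochem.com",
}


def indicators(cfg: dict) -> dict:
    """Derive network IOCs from an AgentTesla SMTP config: the exfil host, its parent
    domain, the configured port and the AUTH identity (which also appears as MAIL FROM)."""
    host = cfg["host"].lower()
    user = cfg["username"].lower()
    return {
        "domains": {host, user.split("@", 1)[1]},
        "port": cfg["port"],
        "mailfrom": {user},
    }


# Constructed sample events (not real telemetry), loosely shaped like Zeek dns/conn/smtp logs.
SAMPLE_EVENTS = [
    '{"type":"dns","src":"10.0.0.5","query":"smtp.office365.com"}',
    '{"type":"dns","src":"10.0.0.7","query":"smtp.gfaqrochem.com"}',
    '{"type":"conn","src":"10.0.0.7","dst":"203.0.113.9","dst_port":587,"sni":"smtp.gfaqrochem.com"}',
    '{"type":"conn","src":"10.0.0.5","dst":"198.51.100.2","dst_port":587,"sni":"smtp.office365.com"}',
    '{"type":"smtp","src":"10.0.0.7","mailfrom":"Turkey@gfaqrochem.com","rcptto":"drop@example.net"}',
]


def match_event(ev: dict, ioc: dict):
    """Return a short reason if the event matches the IOC set, else None.
    The port is only used to corroborate a host match, never as a stand-alone indicator."""
    name = (ev.get("query") or ev.get("sni") or "").lower()
    if name and any(name == d or name.endswith("." + d) for d in ioc["domains"]):
        if ev.get("type") == "conn" and ev.get("dst_port") == ioc["port"]:
            return "connection to exfil host on configured port"
        return f"{ev['type']} lookup of exfil domain"
    if ev.get("type") == "smtp" and ev.get("mailfrom", "").lower() in ioc["mailfrom"]:
        return "SMTP AUTH identity from the malware config"
    return None


def scan(lines, cfg=AGENTTESLA_SMTP):
    """Scan JSON event lines and return (source host, event type, reason) for each hit."""
    ioc = indicators(cfg)
    hits = []
    for line in lines:
        ev = json.loads(line)
        reason = match_event(ev, ioc)
        if reason:
            hits.append((ev["src"], ev["type"], reason))
    return hits


if __name__ == "__main__":
    for src, kind, reason in scan(SAMPLE_EVENTS):
        print(f"{src}\t{kind}\t{reason}")
```

The three hits all come from the same internal host, which is the pivot an analyst would take next (the infected machine), while the legitimate Office 365 submission on the same port produces nothing. The credentials themselves should be treated as attacker-controlled infrastructure to be reported, not as something to log in with.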
Targets
Target: OC_Y9057241738.exe
Size: 410KB
MD5: e9ed40cd41060913c64c2854b32709cc
SHA1: 0fee17c5fdc6df6b8df4609494347aa6099d3371
SHA256: bb8b06ada96296ed57372c977fd4279afd2d273cb3613080b243f15936c89096
SHA512: f599abe39c95d211a6c7d11ecd310078ffb78fdf5f1f7e7c98f6ab1dd92e02bb9f5826f208e4dcdd985a0a68a523ab9b5ccaf017c8da70df9e0bf4e88d1b5107
AgentTesla
Agent Tesla is a .NET information stealer and keylogger with remote access tool (RAT) features, originally written in Visual Basic .NET. This sample's extracted configuration exfiltrates stolen data over SMTP (see Malware Config above).

CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object and decrypts it at runtime.
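The report does not describe CoreEntity's decryption routine, so the following is an added example (not CoreEntity's, AgentTesla's or the sandbox's code) of the first triage step an analyst takes on a bitmap-carrying packer: pull the raw pixel bytes out of a BMP and brute-force a single-byte XOR key while looking for a PE header. The single-byte XOR is an assumed cipher for illustration; the BMP builder and the fake PE are constructed test inputs. Real packers frequently use a different scheme, and .NET Bitmap rows are stride-padded, so on a real sample the padding may need stripping before decryption.

```python
import struct


def build_bmp(pixel_bytes: bytes, width: int = 4) -> bytes:
    """Constructed test input: wrap arbitrary bytes as the pixel array of a 24bpp BMP.
    width=4 gives a 12-byte stride, which is already 4-byte aligned, so no row padding."""
    stride = width * 3
    rows = max(1, (len(pixel_bytes) + stride - 1) // stride)
    pixels = pixel_bytes.ljust(rows * stride, b"\x00")
    # BITMAPINFOHEADER: size, width, height, planes, bpp, compression, image size, ppm x/y, colours
    dib = struct.pack("<IiiHHIIiiII", 40, width, rows, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    # BITMAPFILEHEADER: magic, file size, two reserved words, offset of the pixel array
    header = struct.pack("<2sIHHI", b"BM", 14 + 40 + len(pixels), 0, 0, 14 + 40)
    return header + dib + pixels


def bmp_pixel_bytes(bmp: bytes) -> bytes:
    """Return the pixel array: everything from the offset stored at file-header bytes 10..13."""
    if len(bmp) < 14 or bmp[:2] != b"BM":
        raise ValueError("not a BMP file")
    offset = struct.unpack_from("<I", bmp, 10)[0]
    return bmp[offset:]


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def looks_like_pe(buf: bytes) -> bool:
    """'MZ' at offset 0 and 'PE\\0\\0' at e_lfanew (the dword at 0x3C)."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    return buf[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def carve_pe(pixels: bytes, max_header: int = 0x1000):
    """Brute-force a single-byte XOR key (assumed cipher). Returns (key, offset, decoded bytes)
    for the first position that decodes to a PE header, or None if nothing is found."""
    for key in range(256):
        marker = bytes((0x4D ^ key, 0x5A ^ key))  # what 'MZ' looks like under this key
        pos = pixels.find(marker)
        while pos != -1:
            # Only decode a header-sized window per candidate; decode the rest on a hit.
            if looks_like_pe(xor_bytes(pixels[pos:pos + max_header], key)):
                return key, pos, xor_bytes(pixels[pos:], key)
            pos = pixels.find(marker, pos + 1)
    return None


def fake_pe() -> bytes:
    """Constructed minimal PE-shaped blob: MZ stub, e_lfanew = 0x40, 'PE\\0\\0' and a short tail."""
    stub = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", stub, 0x3C, 0x40)
    return bytes(stub) + b"PE\x00\x00" + b"\x4c\x01" + b"demo-payload"


if __name__ == "__main__":
    payload = fake_pe()
    bmp = build_bmp(xor_bytes(payload, 0x5A))  # pretend the packer XORed the payload with 0x5A
    key, offset, decoded = carve_pe(bmp_pixel_bytes(bmp))
    print(f"key=0x{key:02x} offset={offset} header={decoded[:2]!r} pe_sig_at=0x{struct.unpack_from('<I', decoded, 0x3C)[0]:x}")
```

The window-then-full decode keeps the search cheap on multi-megabyte images, and the PE check at e_lfanew filters the many spurious two-byte 'MZ' matches a 256-key brute force produces. When no key yields a header, the next step is to read the packer's own decryption stub rather than to guess further.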

AgentTesla Payload

CoreCCC Packer
Detects the CoreCCC packer used to load .NET malware.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles
Stored mail account settings in Outlook profiles are a standard harvest target for credential stealers.

Suspicious use of SetThreadContext
Typically seen when a loader injects a decrypted payload into a suspended process and redirects its thread to the new entry point.