General
- Target: 0384d5794b195b37bc3a11d5b540b9d421f24b26431aafe3bd4bd5f2bf24abc5
- Size: 443KB
- Sample: 220521-d495jsbghq
- MD5: 593162d3c97496e003502cd95878babb
- SHA1: db037fb259e06a14943293ae503100bc1ef3b1c4
- SHA256: 0384d5794b195b37bc3a11d5b540b9d421f24b26431aafe3bd4bd5f2bf24abc5
- SHA512: 3b6c8999b0d20201ca0d3d9e2ce3fb5bb98eff8f3a9da84b116e950f877091798b88f6be2126174d1c6e77a5ec3e7c4a1586586f2e0f1ef07df633f83ca4e64b
Static task: static1
Behavioral task: behavioral1
- Sample: 45675678_B.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 45675678_B.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: ju5tinemike@yandex.com
- Password: princehero1234
Targets
- Target: 45675678_B.exe
- Size: 486KB
- MD5: c677085630237e46e5d80f69ab090ad0
- SHA1: 29986b0e2300bb9a34d6692227dc522d12a92107
- SHA256: 67b2cd29fa6e7d0e7b435506d26c026e853e137dd4cc49f714859f9d75a9a546
- SHA512: c2342d2b7113676ff2fa3b3213dbebbc3af714cbb01f14bf9b7bb4cf899866ce9ad1eb9f70f8ffeddb248fdf66377c783a4cefc3a7edc6072116955c6ffaa999
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object, which is decrypted at runtime.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext