General
-
Target
667588e04952c38d760c87825e66ea40a0bd51fac5eac510177a64ff2f9bef63
-
Size
388KB
-
Sample
220521-dcrh5aaeel
-
MD5
9b3428b6309a950986b065c215633731
-
SHA1
95024fd604abd040e9e1c6cfb57c4e111ecf965f
-
SHA256
667588e04952c38d760c87825e66ea40a0bd51fac5eac510177a64ff2f9bef63
-
SHA512
7ba9f470a9480d061426e13e716541282115bf4fc5290441a5a7c9b201f710c1062a60cb5ad2e3708c1f23e4151771dc3b9bf0c11afdbedc691c5467eabc6729
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.hotel71.com.bd - Port:
587 - Username:
[email protected] - Password:
9+^va&phP1v9
Targets
-
-
Target
Shipmment Details.doc.exe
-
Size
446KB
-
MD5
6bdd9c15243bd5b8709b87b7ba10b3a9
-
SHA1
780f690b92f29296254f00b9f1958c2359991ad2
-
SHA256
2580575e95648d76aed0be387fbe6423ef72639b8aaa9e1ad84ebc5b74bcf7b5
-
SHA512
46a0f1f8a1c6d6cfbea8c287cd9f06fb44e987f8c452a2e5f99da852d871de1552a25eb7d79c794c817e16c7917d3e39383046173699c1fcc07f53dec0ec5cdd
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-