General
- Target: 582c09cb88106231b13574cb3bc848cea346558a985bd13d1ccd8031a5a2a0db
- Size: 422KB
- Sample: 220521-df4ymaffb9
- MD5: ff721b1231221a271ad4de7355286fa1
- SHA1: 820ee19536603b894238c1378fde68be63e729b7
- SHA256: 582c09cb88106231b13574cb3bc848cea346558a985bd13d1ccd8031a5a2a0db
- SHA512: 08e92c851357aac300c9e3d3f0e639c36376ad5738f443e0b60600339329652269a2ee25c9d518ba8a64e53c989cd7c3941eda38118d2a21771ec2e666826e87
Static task
- static1
Behavioral task
- behavioral1
- Sample: qt8hpBzVEeH1O8B.exe
- Resource: win7-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.cpworldindia.com
- Port: 587
- Username: [email protected]
- Password: bopo@2014
Targets
- Target: qt8hpBzVEeH1O8B.exe
- Size: 477KB
- MD5: f8c833483ed462c778e1ca98cc9b4e48
- SHA1: 881d60f55cd7dcba349080e50dcc3249a2acfadf
- SHA256: dff01b9f8946ed3792fe4e32ae3f95834c892f16ca219dc99d78fd15064f82a2
- SHA512: 03f1635e7121c4b3f6d1fa4386cee1d15e9b1a3c51c93dff876bb7429d0fc4d6437bd1fcfc97b39a406900203f0664109d673f46b1b18741ea4d62a25697467a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext