General
- Target: 5a3c1ee3937ff814ce4f26c3ebef18ffe4cf6e218411d906d5c8f21caf7ba333
- Size: 426KB
- Sample: 220521-dfqe8sffa8
- MD5: 6f97e534665651d4061f376f893a7396
- SHA1: ee642fd67c6bc6d0e1045b75e9c3ea8641dfaceb
- SHA256: 5a3c1ee3937ff814ce4f26c3ebef18ffe4cf6e218411d906d5c8f21caf7ba333
- SHA512: c32e4a32b81fdb2b1e561312eec65ab085ef63e690781a22747005aae15612ce6b89f4fc79ca047eaad071a849ead0dc784f06b7d19a786ff9a89bcdf8858e34
Static task
static1
Behavioral task
behavioral1
- Sample: Ref PO-11059021022021.exe
- Resource: win7-20220414-en
Behavioral task
behavioral2
- Sample: Ref PO-11059021022021.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.pptoursperu.com
- Port: 587
- Username: [email protected]
- Password: mailppt2019
Targets
- Target: Ref PO-11059021022021.exe
- Size: 481KB
- MD5: cdd313e8c6d6ca6489f6b4a3d0d0f2ca
- SHA1: 672f4a5496857a30f1491f308596c2a062569fa5
- SHA256: 7671a41dabb2a4e2f84270501f7c4adc005ed000d889de21d7bc1c859180f585
- SHA512: 7f81c539b3a9ec3c075f1026a076d1ae2d55252bec0374e3d574dc5a7c754d0f255582db45843a11d00460768bf9bcc8ac55fc50ece75d361ce70bfb9fe1212c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext