General
Target: 26b9dbe45e846a4d27ed41fd308be0e031fdbf9f2f742bdc95ab8625ab73f4a2
Size: 467KB
Sample: 220521-dt6z5sbchq
MD5: 26130af3bbbf95a8918390d115f86007
SHA1: e9a5f0e9d42bc4ce5a864fea0015030619c6111f
SHA256: 26b9dbe45e846a4d27ed41fd308be0e031fdbf9f2f742bdc95ab8625ab73f4a2
SHA512: 51b711439b4a618af65a8df52db094b59ad139c7c47ba9fdd04e8314bfd7c152401f420d0a1c9cef15dec0f016dce9cb6725ddd598aa318702042cebadbaf015
Static task: static1
Behavioral task: behavioral1
  Sample: ORTHIN RE303543 RE3542.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ORTHIN RE303543 RE3542.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.climasenmonterrey.com.mx
Port: 587
Username: [email protected]
Password: donttouch@00
Targets
Target: ORTHIN RE303543 RE3542.bat
Size: 592KB
MD5: ffc45247ab0320341d6e017077be0fb3
SHA1: aad7e9a69dab1c5e35df8dde1e3136d8731df981
SHA256: 2ac203d2ba2fc79f4fa43ea2fff3b6e2d9a30bb8d73f6c809c50f8882913b373
SHA512: 182bc8566bee01d5c55fff04e488267001a4ade177820b2db6814fd4b4b72157cf2846df80ffded3227d9f6a77f14fcdcb05edc86ac963ebd8d3e4951a952c18
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds its payload as a BitMap object, which is decrypted at runtime.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext