General
Target: 27f61a512a54ef59344c895f8d3dc86d9f6071b71ad6cb67196739b9872e1e25
Size: 450KB
Sample: 220521-dtxrgagcg7
MD5: d0913d3fc1db63ee924e2cae70b9f4c5
SHA1: 1c3fd1c50aa4c089b87fea9af9a9b11a041a015c
SHA256: 27f61a512a54ef59344c895f8d3dc86d9f6071b71ad6cb67196739b9872e1e25
SHA512: 04a1eee480f663cbd9a3889eed0de9bf454ad5389ac7a3bb0b1d601c8a66775939f958e0b71abf338eca2eb5725813fb6ea0fab4bf01ffac12b27978b95f0829
Static task: static1
Behavioral task: behavioral1
  Sample: Las transacciones de su cuenta entre el 01.05.2020 - 30.05.2020.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Las transacciones de su cuenta entre el 01.05.2020 - 30.05.2020.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.ductoslimpios.com.mx
  Port: 587
  Username: [email protected]
  Password: Nhost+321
Targets
Target: Las transacciones de su cuenta entre el 01.05.2020 - 30.05.2020.exe
Size: 484KB
MD5: 32b20f8e93bd7f4092ecc41e593df509
SHA1: 5649819910784787eecae42dd12394849f8c80fc
SHA256: 0adddcc2c03723a2282bbec5342b52f6b765973774593125a9b87939e3f8a8c2
SHA512: bc2332e179f95b4a8362e65d4b81f6b75f47f5aa25cd3c29956383c12816beb7f6b092a5c62d8fda928c2b9c18d316fa05e3375b96cb98551c74b5bb8380b351
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is decrypted at runtime.
AgentTesla Payload
Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence.
Accesses Microsoft Outlook profiles
Drops file in System32 directory
Suspicious use of SetThreadContext