General
-
Target
260407439e1807452dfae37c622198a560a59219b98cb60567a3f0251a445ecb
-
Size
471KB
-
Sample
220521-dvcspabdan
-
MD5
52b5547334ce8ac70b2553ac1250a5e7
-
SHA1
e0f6545c716fc469dba565ebb4f4460c516bf5c4
-
SHA256
260407439e1807452dfae37c622198a560a59219b98cb60567a3f0251a445ecb
-
SHA512
06ed095747b94c878cd16a267f2de0c388c65110340ec096edcda1340ac8fab1b209c3c4acb700df7332bfbafbe467bdf9b6b026d415e6abb0e7ff38aa2c7a73
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pptoursperu.com - Port:
587 - Username:
[email protected] - Password:
mailppt2019-
Targets
-
-
Target
PURCHASE ORDER KALI-1374W.exe
-
Size
592KB
-
MD5
d8c4f79c53e551b8fc73c4411996d907
-
SHA1
99630818dff1e7b6f5ef56b766d70ba12411c5ee
-
SHA256
a083e924898a75762310530246d06bdadd4507aa660a62a9e5913c7862ba0152
-
SHA512
e8351ebbe95efb29b5207960436dd27ec913d6eeafe16f7a59131a7e9ecb6c56bc1f29ea15376d975d1a7a6c236d6fadaeddae970f86923dd7c38ca317452cb6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-