General
Target: 256487f56f6ad99c043971e91572ccbe41f80b2f3e4a784323b483968c02d203
Size: 390KB
Sample: 220521-dvgfwabdar
MD5: 06d050383216bc294a757e62663487f2
SHA1: 570be79855dfb807cdac77e95d812af57babbe0f
SHA256: 256487f56f6ad99c043971e91572ccbe41f80b2f3e4a784323b483968c02d203
SHA512: c15fb3b20ccf94cdea6c479d39e2b0c921ff5836f523c648e5a2b61d7e662a7e05d8c1fefb9844ba9b7fe8b884be3712ffea44d90d4c4dd57b683273a12d71d7
Static task: static1
Behavioral task: behavioral1
Sample: Shipmment Details.doc..exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hotel71.com.bd
Port: 587
Username: [email protected]
Password: 9+^va&phP1v9
Targets
Target: Shipmment Details.doc..exe
Size: 483KB
MD5: ca3d8f1c6b86d36e95f6c77f56586c25
SHA1: e06640e1c6b22441a87b60bdb93e8af246c3e3be
SHA256: e386fd9c2ec4caa4a12389d0d1c20e870a0955eeb3ab5c72e7c1eab18ca2efb1
SHA512: 2afcd73f31a03ef87362d8187d9ab858556e82050fc818f35df788f2091288b295815936e83359524b31bb7cccc6f39768473dc5459d4e3d04725e7fc776a47b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is decrypted later at runtime.
AgentTesla Payload
Signatures:
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext