General
Target: 19ea5f9b3b966735e47889a09ef810a56fcf57016aa5a5acd4f0448be9faf990
Size: 385KB
Sample: 220521-dyd5xsged9
MD5: a4345ad24121ca2a409b31185d0e302a
SHA1: 8f5df4304ccccc5ac337cfb2a541d60018de0385
SHA256: 19ea5f9b3b966735e47889a09ef810a56fcf57016aa5a5acd4f0448be9faf990
SHA512: 8649e05b85b01f2ca6338171e53b4f080e60816a75f22f3dcfe16c9c68845164cfdcccdf7dd992ee8d4881a789f00d9ffb81abb21655343f6fa9d121e65bc8ee
Static task: static1
Behavioral task: behavioral1
Sample: pedido urgente pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: pedido urgente pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.capeqlc.net
Port: 587
Username: [email protected]
Password: UDzMprB6
Targets
Target: pedido urgente pdf.exe
Size: 447KB
MD5: 4112533aec736c3972f28ed1247be1df
SHA1: c67574ba3a5b36a3cf29ef3726ec031d55bd1c6c
SHA256: 3b090c8b614dc1e938d974aec7fd3ecbc54783b4c7ad33493dcd6a776c649c85
SHA512: 3a7ced0c397344be89cdc48b086e44cd560e866846c39dfe8b7f98bb875e09135f3b0944be3fca20fea98b20272bf56f56f66f3f1cd8a88d337543f65fc9aca7
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext