General
- Target: 121cdea2df529b26680b34ff321b2ad969d0154a6cb82510c8cfec7ad6837217
- Size: 399KB
- Sample: 220521-dz82pagfc3
- MD5: 5bac2fc93443c54e41b548519499d4d3
- SHA1: e0eed2cfd2dc5acdd4fc86b5d75e0f68916c0936
- SHA256: 121cdea2df529b26680b34ff321b2ad969d0154a6cb82510c8cfec7ad6837217
- SHA512: 1f238cb279db6bff71b33b0d91f7e89fdf181314a864be543b37921cb9dedd306043500c46190f63eec24f530c767cdafa8169ddc25dcf8e6479c3e9853dccc8
Static task: static1
Behavioral task: behavioral1
- Sample: vGwstAXAEuoVGAx.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: vGwstAXAEuoVGAx.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: sumay.naing@bluescopa.com
- Password: #4#o0YqVdb*d
Targets
- Target: vGwstAXAEuoVGAx.exe
- Size: 457KB
- MD5: 2ebea9204cfdf944bf37c6140c27363e
- SHA1: d45126d7005da0cc21c144a6965c95779015bbec
- SHA256: d7fc1fdc5afad60c339e07702ea0693588677f7a9e04dce3dd0938f554de402c
- SHA512: 59ae87265366b4dc90acb71a34cae9fe79664bd9990ffdbf01ceecbcce972efd72c27b5508f8d722a98941cedc623c3f9e69598123cf16a5e7d5f2767fbcb962
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext