General
Target: 13001d8e9316592a0ba319cd3289b2210ede64338db27fba6ad7f97a0d747d01
Size: 399KB
Sample: 220521-dzxzesbfap
MD5: 97d297389d2ab21c8f20187c4f816787
SHA1: 370bada0874671a17979eeca71fc92f8a17e3e23
SHA256: 13001d8e9316592a0ba319cd3289b2210ede64338db27fba6ad7f97a0d747d01
SHA512: 8b4d92065f7f2110660ded58ffaa3e5a35b07e2e306b63a42f64465c317361e9c1d9ed39c723a99adba09ff46811ee3be50a9d03a6ede4a16f1c4a309aa6ba28
Static task: static1
Behavioral task: behavioral1
  Sample: Invoice_UD345KNG.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Invoice_UD345KNG.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: vps.dochem.pw
Port: 587
Username: [email protected]
Password: bAy64WwH
Targets
Target: Invoice_UD345KNG.exe
Size: 457KB
MD5: cb3d05cce5867b81f644e23f1e73229c
SHA1: b715fd4259a371330c3e77c7af224b360b70fd5f
SHA256: 6599a4bdbadcb94a61e747a55454ed5ec2938122daece5255de039aa3820c5b5
SHA512: b8ca74e694ef3174c95aad9e070225f0a60e5c3ca82168ca39546500baeb601c44229b4be3074733393cc53f8e996cf9c08ec3378071d87205a7ab3174dc4773
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext