General
- Target: b0ed1fa6c49e2148e62fb55d9640b99ed5e32010e3db738ba0b17ef3fb0d7e8a
- Size: 471KB
- Sample: 220521-n2lpaaeea7
- MD5: 569789279167015c8a9259221e8938d3
- SHA1: 460eb980def18485572dcb6498f5ee4d080a53c0
- SHA256: b0ed1fa6c49e2148e62fb55d9640b99ed5e32010e3db738ba0b17ef3fb0d7e8a
- SHA512: 994617debab2d998d705ea714744291e79e0647f6a856fbb3470d587f88f0995cf931fe71db65044817d51e67f7aacc7046d8395523bbf8b6cadac47201f8513
Static task: static1
Behavioral task: behavioral1
- Sample: MV Cerinthuspdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: MV Cerinthuspdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: secure231.servconfig.com
- Port: 587
- Username: [email protected]
- Password: eltaefSH6548883
Targets
- Target: MV Cerinthuspdf.exe
- Size: 523KB
- MD5: c2a5bbb578fb4c742e818715b4eb695b
- SHA1: af763c20d810bd37e661b5e3d1c27520783b7022
- SHA256: 288f7b2c4d5b4c951a079d7fe188d6fbfb6cedf4db4724f24a418078732a4c65
- SHA512: fb81cd545887d8429869072041db527b46ca0fcd4c592ae4d92f6cb81b62286b902ca3c097333ef3b9afbf9f3f6b0833301f041c237e17372d5b8b74183636d4
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext