General
-
Target
a204598c9e3e26f8316f1f3c99498607839666477d8816eb08007f56de2c6079
-
Size
383KB
-
Sample
220521-n3grqahffl
-
MD5
4b9753422040ead2dae94fbdbb8b6b2f
-
SHA1
a902d3d07bdb908abf58fa2400318258805165fe
-
SHA256
a204598c9e3e26f8316f1f3c99498607839666477d8816eb08007f56de2c6079
-
SHA512
fa3668368ca66898aab7a2172ed461d7557912df492171209bcebfcefdd66eb766dbc5b05a89f7435dd483d593b90189a075f9db3f92894e9b1339b2701b3101
Static task
static1
Behavioral task
behavioral1
Sample
FACTURA VENCIDA.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
FACTURA VENCIDA.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.araneta.es
Port: 587
Username: instalaciones@araneta.es
Password: ARIns2056--:
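The extracted SMTP config is the most actionable part of this report: the sample exfiltrates over SMTP submission (port 587) to mail.araneta.es with a fixed account, so egress to that host and port is the indicator to hunt for. The Python below, an added example and not code from the Triage report, parses the config as it appears above, derives the network IOCs, emits a Suricata DNS rule, and runs the IOCs over a few constructed egress-log records. The allowlist of mail-client process names, the log format and the Suricata sid are assumptions for the example.

```python
"""Turn the AgentTesla SMTP config extracted above into IOCs and hunt with them.
Added example for this report; not Triage's code and not the malware's."""
from typing import Dict, List

# Same values as the extracted config on this page, joined on one line.
RAW_CONFIG = ("Protocol: smtp - Host: mail.araneta.es - Port: 587 - "
              "Username: instalaciones@araneta.es - Password: ARIns2056--:")

# Processes that legitimately speak SMTP submission from a workstation.
# Assumed allowlist for this example; tune it to your estate.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed egress records: ts,src_ip,process,dst_host,dst_port.
# The process names and addresses are made up for the example.
SAMPLE_LOG = [
    "2022-05-21T10:02:11Z,10.0.0.14,outlook.exe,smtp.office365.com,587",
    "2022-05-21T10:03:40Z,10.0.0.14,FACTURA VENCIDA.exe,mail.araneta.es,587",
    "2022-05-21T10:05:02Z,10.0.0.22,outlook.exe,mail.araneta.es,587",
    "2022-05-21T10:06:00Z,10.0.0.22,chrome.exe,www.example.com,443",
]


def parse_config(raw: str) -> Dict[str, str]:
    """Split 'Label: value - Label: value' into a dict.

    Splitting on ' - ' (with spaces) rather than on '-' keeps a password such
    as 'ARIns2056--:' intact, and only the first ':' separates label from value.
    """
    cfg: Dict[str, str] = {}
    for chunk in raw.split(" - "):
        label, _, value = chunk.partition(":")
        cfg[label.strip()] = value.strip()
    return cfg


def egress_iocs(cfg: Dict[str, str]) -> Dict[str, object]:
    """Network indicators worth blocking or alerting on (credentials excluded)."""
    return {
        "host": cfg["Host"].lower(),
        "port": int(cfg["Port"]),
        "account": cfg["Username"].lower(),
    }


def suricata_dns_rule(cfg: Dict[str, str], sid: int = 1000001) -> str:
    """DNS lookup of the exfil host; sid is a placeholder for the local range."""
    host = cfg["Host"]
    return (f'alert dns $HOME_NET any -> any any '
            f'(msg:"AgentTesla SMTP exfil host {host}"; dns.query; '
            f'content:"{host}"; nocase; sid:{sid}; rev:1;)')


def scan_egress(lines: List[str], cfg: Dict[str, str]) -> List[Dict[str, str]]:
    """Flag connections to the exfil host:port.

    A mail client reaching the same host is rated low: the account sits on a
    third-party mail domain, so that traffic alone is not proof of infection.
    Any other process talking SMTP to it is rated high.
    """
    ioc = egress_iocs(cfg)
    alerts = []
    for line in lines:
        ts, src, proc, dst, port = line.split(",")
        if dst.lower() == ioc["host"] and int(port) == ioc["port"]:
            severity = "low" if proc.lower() in MAIL_CLIENTS else "high"
            alerts.append({"ts": ts, "src": src, "process": proc,
                           "severity": severity})
    return alerts


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(egress_iocs(cfg))
    print(suricata_dns_rule(cfg))
    for alert in scan_egress(SAMPLE_LOG, cfg):
        print(alert)
```

On the constructed records this yields two hits: the sample itself (high) and a mail client on another host (low). Block the host:port pair at the egress firewall, and treat the mailbox owner as a notification target rather than a suspect, since AgentTesla operators routinely abuse stolen third-party SMTP accounts.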
Targets
-
Target
FACTURA VENCIDA.exe
-
Size
417KB
-
MD5
e15587091feb670cf83c48b147e8e621
-
SHA1
565ab6223461ee26f3647af8184c66fc10aa4857
-
SHA256
1890ab9f7e4107096420bd8f0f5d7ff1a84d7b02c691675b70cf3382fda0a81a
-
SHA512
a34c45398286c9b116148e2fe20eb56f01402cb0a7b11b0c9ad05204bf8e35ac4b4de8b968b8293e3f738355c405ac2ad8b28bef9acb825b3ee6bfc39287f3cf
-
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic.
-
CoreEntity .NET Packer
A .NET packer, CoreEntity, that embeds the payload as a Bitmap object and decrypts it at runtime before loading it.
-
AgentTesla Payload
-
CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-