General
-
Target
f84d5ae4feca97952cc596c2b97be8ae94487786220a4bb48645d82c31ff4f00
-
Size
462KB
-
Sample
220521-n4631ahgek
-
MD5
9a75c0b4a31f20b333d90f971b264062
-
SHA1
1465143ea5a85cdb9d57532f61c2629be2ed4916
-
SHA256
f84d5ae4feca97952cc596c2b97be8ae94487786220a4bb48645d82c31ff4f00
-
SHA512
1c0fd527f9326fee23c48a57742d1e32c3ae3e8278f7274fd29b09dbdd235b5dfaf11f4c776225f9cd53e02bad9b840e368d93ff9f68fc8a92dd91d09b535da6
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.tolipgoldenplaza.com - Port:
587 - Username:
dir.fb@tolipgoldenplaza.com - Password:
Golden@#$2019
Targets
-
-
Target
PO000170.exe
-
Size
509KB
-
MD5
080cfd17bd94ff40a8813cd7c8d03b67
-
SHA1
4a100e472fce2d52d58d153cd0ac4a82c6b79e7b
-
SHA256
cd301ca1c374c26aca9bf5381a3b491ae384f06868617c6c16b563213854d159
-
SHA512
7a7635ed2c14644a813c1d2a60cad09bb6d4c728cc2d3bdfd75f9e13ce4b8b044482b4eb20f942bc95144c48ae286ae5295003563bdb17296a8f3e9b16c0d3c0
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
SnakeBOT
SnakeBOT is a heavily obfuscated .NET downloader.
-
AgentTesla Payload
-
Contains SnakeBOT related strings
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-