General
Target: 733813587f5ab7a88aaa597563ee9e3a566bb3c4c7ad411eab6fb14c7ead28b9
Size: 742KB
Sample: 220521-n589raefg3
MD5: 6e6aaedd1664f5aac665a027c4150bd7
SHA1: 9f380510c3a9f6f4b2e1faa62bb2f72cf696916a
SHA256: 733813587f5ab7a88aaa597563ee9e3a566bb3c4c7ad411eab6fb14c7ead28b9
SHA512: 97d8eb841d00a292eb17b622138a61d0daf5295a84482b027fd762b093431055c358ce1c1ff7aa5a36b6d08842e11cf65428483ad724d7b6ea82ec737b1715df
Static task: static1
Behavioral task: behavioral1
Sample: items 001.xlsm.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.villanika.gr
Port: 587
Username: info@villanika.gr
Password: n2^-9wE@Wl}t
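The extracted SMTP settings are directly usable as detection content. The following is an added example, not part of the sandbox report or of any tool it names: it takes the host, port and account name from the config above and runs them over constructed Sysmon-style network-connection records (the sample events, the process allow-list and the field names are assumptions for the example). Besides the exact host match it keeps a behavioural fallback, since AgentTesla builds are retargeted to fresh mailboxes constantly but a stealer still has to open an SMTP submission connection from a process that is not a mail client. The password is deliberately not used: it is not needed for detection, and the mailbox should be reported to the provider rather than logged into.

```python
from typing import Dict, Iterable, List

# SMTP exfiltration settings the sandbox extracted from this sample (from the report above).
AGENTTESLA_SMTP = {
    "host": "mail.villanika.gr",
    "port": 587,
    "username": "info@villanika.gr",
}

# Processes expected to open SMTP submission (port 587) connections on a workstation.
# Assumption for this example; tune the set to the environment.
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample telemetry, not from the report: records shaped like Sysmon
# Event ID 3 (network connection) and Event ID 1 (process creation) after JSON export.
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\items 001.xlsm.exe",
     "DestinationHostname": "mail.villanika.gr", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "mail.villanika.gr", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "DestinationHostname": "smtp.example.net", "DestinationPort": 587},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\items 001.xlsm.exe",
     "CommandLine": '"items 001.xlsm.exe"'},
]


def process_name(image: str) -> str:
    """Basename of an image path, lower-cased, for comparison with the allow-list."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scan_network_events(events: Iterable[Dict], config: Dict = AGENTTESLA_SMTP,
                        mail_clients=KNOWN_MAIL_CLIENTS) -> List[Dict]:
    """Return one finding per event that hits the exfil config or the port-587 heuristic."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 3:
            continue  # only network-connection events carry a destination
        host = str(ev.get("DestinationHostname", "")).lower()
        port = ev.get("DestinationPort")
        proc = process_name(str(ev.get("Image", "")))
        if host == config["host"].lower():
            # Exact IOC hit: any process talking to the extracted exfil host, on any port,
            # since the operator may move the mailbox behind a different service.
            findings.append({"severity": "high", "process": proc, "host": host, "port": port,
                             "reason": "connection to extracted AgentTesla SMTP exfil host"})
        elif port == config["port"] and proc not in mail_clients:
            # Behavioural fallback: submission-port traffic from something that is not a mail client.
            findings.append({"severity": "medium", "process": proc, "host": host, "port": port,
                             "reason": "SMTP submission from a process that is not a mail client"})
    return findings


if __name__ == "__main__":
    for f in scan_network_events(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['process']} -> {f['host']}:{f['port']} ({f['reason']})")
```

On the constructed events this yields two high-severity hits (the dropper itself and the svchost.exe connection to the same host on 443) and one medium hit for updater.exe; Outlook reaching its normal submission server is not flagged. In production the hostname match should also cover the resolved IP from DNS telemetry, since the stealer may connect by address.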
Targets
Target: items 001.xlsm.exe
Size: 859KB
MD5: fb7e94850448226bd2a498aa3b1563ea
SHA1: d700879ce59f46b7a774db6e4cb106245971e235
SHA256: 2a4411192b4d6c488f67079fa17e4c245825df49a8858fadd887dd616ab1c0a3
SHA512: d43314e5e70070127c60813c026a928f5ee76fd92c94dee516adf6104b59337585fcab030e9678eb2447e67f1e9f355b7c20dc669569f8b1f164feb5dca6c631
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic). The SMTP settings in the Malware Config above are this sample's exfiltration channel: stolen data is mailed out through that account.
CoreEntity .NET Packer
A .NET packer, CoreEntity, that stores the payload as a Bitmap object and decrypts it at runtime before executing it.
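Bitmap-carrier packers hide the payload in the image's pixel array, so static recovery means locating that array and undoing the transform. The block below is an added illustration, not CoreEntity's code or the sandbox's unpacker: the report does not describe CoreEntity's actual encoding, so the example uses a toy carrier (a 32-bpp BMP whose pixel array is the payload XORed with one byte, with a constructed fake PE as payload) and shows the generic carving steps: parse the BMP header for bfOffBits, slice out the pixel array, brute-force the key against the DOS header and stub text. All names and the carrier format are assumptions for the example.

```python
import struct
from typing import Optional, Tuple

# Marker every PE carries in its DOS stub; used to confirm a candidate XOR key.
DOS_STUB = b"This program cannot be run in DOS mode"


def build_bitmap_carrier(payload: bytes, key: int, width: int = 16) -> bytes:
    """Construct a 32-bpp BMP whose pixel array is the payload XORed with one byte.

    Toy carrier format for this example only; CoreEntity's real encoding is not
    described in the report. The point is that the bytes live in the pixel array.
    """
    row_bytes = width * 4                    # 32 bpp: rows are 4-byte aligned, no padding
    height = -(-len(payload) // row_bytes)   # ceiling division
    plain = payload.ljust(row_bytes * height, b"\x00")
    pixels = bytes(b ^ key for b in plain)
    pixel_offset = 14 + 40                   # BITMAPFILEHEADER + BITMAPINFOHEADER
    file_header = struct.pack("<2sIHHI", b"BM", pixel_offset + len(pixels), 0, 0, pixel_offset)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 32, 0, len(pixels),
                              2835, 2835, 0, 0)
    return file_header + info_header + pixels


def pixel_array(bmp: bytes) -> bytes:
    """Slice the pixel array out of a BMP using bfOffBits from the file header."""
    if len(bmp) < 14 or bmp[:2] != b"BM":
        raise ValueError("not a BMP file")
    offset = struct.unpack_from("<I", bmp, 10)[0]
    if offset > len(bmp):
        raise ValueError("bfOffBits points past end of file")
    return bmp[offset:]


def carve_xor_pe(pixels: bytes) -> Optional[Tuple[int, bytes]]:
    """Brute-force a single-byte XOR key; return (key, payload) if a PE appears."""
    for key in range(256):
        if bytes(b ^ key for b in pixels[:2]) != b"MZ":
            continue                         # cheap pre-check on the DOS header
        decoded = bytes(b ^ key for b in pixels)
        if DOS_STUB in decoded:
            return key, decoded.rstrip(b"\x00")  # drop pixel-array slack (toy format)
    return None


def unpack_bitmap(bmp: bytes) -> Optional[Tuple[int, bytes]]:
    """Full pipeline: header parse, pixel slice, key recovery."""
    return carve_xor_pe(pixel_array(bmp))


# Constructed stand-in for a packed payload: DOS header plus stub text, not a real binary.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60 + DOS_STUB + b".\r\n"

if __name__ == "__main__":
    carrier = build_bitmap_carrier(FAKE_PE, key=0x5A)
    result = unpack_bitmap(carrier)
    print("no payload found" if result is None
          else f"key=0x{result[0]:02x} payload_len={len(result[1])}")
```

On a real sample the same steps apply with two adjustments: the resource is often PNG rather than BMP, so decode it to raw pixels first, and a packer that reads pixels through GetPixel walks rows top-down while BMP stores them bottom-up, so reassemble the byte stream in the order the unpacking code walks the image before trying keys. If no single-byte key produces a DOS header, the transform is something else and the decryption routine has to be lifted from the stub itself.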
AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Accesses Microsoft Outlook profiles (consistent with the stealer harvesting saved mail-client credentials)
Suspicious use of SetThreadContext (typical of process hollowing, where the decrypted payload is written into a suspended process and its thread entry point is redirected)