General
Target: 7ab52d3a81d38399cc86ef998c57ea7264d3ae37e83a139afcf381d386505532
Size: 457KB
Sample: 220521-n6k9baefh7
MD5: 2bbdce77c53a82c310d2a81d85319a4b
SHA1: d9e61b53475cae47e75796c71abcb7f3a736185d
SHA256: 7ab52d3a81d38399cc86ef998c57ea7264d3ae37e83a139afcf381d386505532
SHA512: 5ad4438bd9c7aa4100b18e58b8d7a7b3571e03d8d74b02253b155eb1ef311cb7bb89d0e2a65785810a1d8e8e7f91ec8694d3510a06858ea3796aafdd793df588
Behavioral task: behavioral1
Sample: FACTURA Y ALBARANES.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: FACTURA Y ALBARANES.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.fridec.com
Port: 587
Username: montse.varas@fridec.com
Password: @zOmvs]eL!$*
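The extracted config gives the exfiltration channel, not a download server: Agent Tesla authenticates to the listed SMTP host and mails stolen data to the configured account. The example below is added here and is not part of the sandbox report. It takes the host, port and username from the config above, resolves the host to addresses through constructed Zeek dns.log records, then flags constructed Zeek smtp.log sessions that either go to one of those addresses on port 587 or use the configured account as sender or recipient. All log records and IP addresses are constructed (RFC 5737 test ranges); only the three config values are from this page.

```python
"""Hunt for the AgentTesla SMTP exfiltration channel from the extracted config.

Added example, not part of the sandbox report. The Zeek dns.log and smtp.log
records are constructed for illustration; only C2_HOST, C2_PORT and C2_USER
come from the extracted config on this page.
"""
import ipaddress
import json

# Values from the extracted config on this page.
C2_HOST = "mail.fridec.com"
C2_PORT = 587
C2_USER = "montse.varas@fridec.com"

# Constructed Zeek JSON-format dns.log records, not real traffic.
DNS_LOG = """
{"ts":1653127690.0,"uid":"D1","id.orig_h":"10.0.0.5","query":"mail.fridec.com","qtype_name":"A","answers":["mail.fridec.com","203.0.113.10"]}
{"ts":1653127695.0,"uid":"D2","id.orig_h":"10.0.0.7","query":"mail.example.org","qtype_name":"A","answers":["198.51.100.20"]}
"""

# Constructed Zeek JSON-format smtp.log records, not real traffic.
SMTP_LOG = """
{"ts":1653127700.1,"uid":"C1","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":587,"helo":"WIN7-PC","mailfrom":"montse.varas@fridec.com","rcptto":["montse.varas@fridec.com"],"subject":"WIN7-PC","tls":true}
{"ts":1653127710.4,"uid":"C2","id.orig_h":"10.0.0.7","id.resp_h":"198.51.100.20","id.resp_p":25,"helo":"mail.example.org","mailfrom":"alice@example.org","rcptto":["bob@example.net"],"subject":"Invoice","tls":false}
{"ts":1653127720.9,"uid":"C3","id.orig_h":"10.0.0.9","id.resp_h":"203.0.113.10","id.resp_p":587,"helo":"DESKTOP-1","mailfrom":"user@corp.example","rcptto":["montse.varas@fridec.com"],"subject":"DESKTOP-1","tls":true}
"""


def load_jsonl(text):
    """Parse Zeek's JSON log format: one record per line, blank lines ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def resolved_addresses(dns_records, hostname):
    """Addresses the config host resolved to. Zeek's answers field can also carry
    CNAME targets, so only IP literals are kept."""
    ips = set()
    for rec in dns_records:
        if rec.get("query", "").lower() == hostname.lower():
            ips.update(a for a in rec.get("answers", []) if _is_ip(a))
    return ips


def match_smtp(smtp_records, c2_ips):
    """Return one alert per SMTP session that touches the exfiltration channel."""
    alerts = []
    for rec in smtp_records:
        reasons = []
        if rec.get("id.resp_h") in c2_ips and rec.get("id.resp_p") == C2_PORT:
            reasons.append(f"SMTP session to {C2_HOST} ({rec['id.resp_h']}):{C2_PORT}")
        if rec.get("mailfrom", "").lower() == C2_USER:
            reasons.append("MAIL FROM is the extracted exfiltration account")
        if C2_USER in [r.lower() for r in rec.get("rcptto", [])]:
            reasons.append("RCPT TO is the extracted exfiltration account")
        if reasons:
            alerts.append({"uid": rec["uid"], "src": rec["id.orig_h"], "reasons": reasons})
    return alerts


def hunt(dns_text=DNS_LOG, smtp_text=SMTP_LOG):
    """Correlate DNS answers with SMTP sessions and return the alerts."""
    c2_ips = resolved_addresses(load_jsonl(dns_text), C2_HOST)
    return match_smtp(load_jsonl(smtp_text), c2_ips)


if __name__ == "__main__":
    for alert in hunt():
        print(f"{alert['uid']} from {alert['src']}: " + "; ".join(alert["reasons"]))
```

The account in the config is the attacker's drop box, in practice usually a legitimate mailbox whose credentials were stolen earlier; treat the username and host as indicators, notify the mailbox owner, and do not authenticate to it with the extracted password. Matching on the sender and recipient as well as the resolved address matters because the host may resolve differently across sensors and the malware may reach it through a different port if 587 is blocked.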
Targets
Target: FACTURA Y ALBARANES.exe
Size: 506KB
MD5: f9d88f65edab1dcd6d14ce9fa7f3b3bb
SHA1: d7d56c3cdf5e17743c6ac38cd33884dc12e016ba
SHA256: 8884820e4b10d43f04ccd1a7ff14eafccadf1184ce080b2b2e0836a7dc786f4e
SHA512: bf866c2e87385d106039f9aa28decae2ea196ba236946f3c821b617ccc9963025faa6c2c7c091ddc30ce71d49bb123dee7f6be26dc680a9c3a19ee031f0f5d94
Signatures
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. It exfiltrates stolen data over SMTP, FTP or HTTP; the SMTP account extracted above is this sample's exfiltration channel.
- CoreEntity .NET Packer: CoreEntity is a .NET packer that embeds the encrypted payload as a Bitmap object and decrypts it at runtime before loading it.
- AgentTesla Payload
- Contains SnakeBOT related strings
- Accesses Microsoft Outlook profiles (the registry keys holding stored mail-client credentials, consistent with the stealer's credential-harvesting behaviour)
- Suspicious use of SetThreadContext (typically observed when a decrypted payload is injected into a freshly created process by process hollowing)
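The CoreEntity signature above says the payload sits inside a Bitmap object and is decrypted later, but the report does not describe the image encoding or the cipher. The example below is added here and is not CoreEntity's code or the sandbox's logic: it carves every self-consistent BMP header out of a byte blob, takes the pixel data, and brute-forces a single XOR key byte while checking for a PE signature. Both the BMP encoding and the one-byte XOR are assumptions for illustration; a real .NET resource may hold a PNG-encoded bitmap and a stronger cipher, in which case the carver finds nothing and the resource has to be decoded with a .NET resource reader first. The container built by build_sample_container() is constructed here and is not the sample on this page.

```python
"""Carve BMP-encoded blobs from a sample and test a single-byte XOR on the pixel data.

Added example, not CoreEntity's own code: the report only says the payload is
stored as a Bitmap object and decrypted later. Assumptions made here for
illustration: the bitmap is BMP-encoded and the payload was XORed with one key
byte. build_sample_container() is a synthetic stand-in, not the real sample.
"""
import struct

FILE_HEADER = "<2sIHHI"       # BITMAPFILEHEADER: magic, file size, reserved x2, pixel offset
INFO_HEADER = "<IiiHHIIiiII"  # BITMAPINFOHEADER (40 bytes)


def carve_bitmaps(blob):
    """Return (offset, pixel_bytes) for every 'BM' occurrence with a self-consistent header."""
    found = []
    pos = blob.find(b"BM")
    while pos != -1:
        if pos + 14 <= len(blob):
            _, size, res1, res2, data_off = struct.unpack_from(FILE_HEADER, blob, pos)
            # Reserved words must be zero, pixel data must start after both headers,
            # and the declared file size must fit inside the blob.
            if res1 == 0 and res2 == 0 and 54 <= data_off < size <= len(blob) - pos:
                found.append((pos, blob[pos + data_off:pos + size]))
        pos = blob.find(b"BM", pos + 1)
    return found


def looks_like_pe(data):
    """Cheap PE check: 'MZ' magic and a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def try_single_byte_xor(data):
    """Brute-force one XOR key byte; return (key, plaintext) if the result is a PE, else None."""
    if len(data) < 2:
        return None
    for key in range(256):
        # Only decode the whole buffer for keys that turn the first two bytes into 'MZ'.
        if data[0] ^ key != 0x4D or data[1] ^ key != 0x5A:
            continue
        plain = bytes(b ^ key for b in data)
        if looks_like_pe(plain):
            return key, plain
    return None


def extract_payloads(blob):
    """Carve every bitmap and report those whose pixel data decodes to a PE."""
    hits = []
    for offset, pixels in carve_bitmaps(blob):
        decoded = try_single_byte_xor(pixels)
        if decoded:
            hits.append({"offset": offset, "key": decoded[0], "payload": decoded[1]})
    return hits


def build_bmp(pixels):
    """Wrap bytes as an 8-bpp, single-row BMP (rows are padded to 4 bytes)."""
    width = len(pixels)
    row = pixels + b"\0" * (-width % 4)
    info = struct.pack(INFO_HEADER, 40, width, 1, 1, 8, 0, len(row), 2835, 2835, 0, 0)
    head = struct.pack(FILE_HEADER, b"BM", 54 + len(row), 0, 0, 54)
    return head + info + row


def build_sample_container(key=0x5A):
    """Constructed stand-in for a packed sample: host stub, a decoy 'BM', then the real bitmap."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    fake_pe = bytes(dos) + b"PE\0\0" + b"constructed inner payload, not a real executable"
    encrypted = bytes(b ^ key for b in fake_pe)
    return b"MZ\x90\x00 constructed host stub BMW decoy " + build_bmp(encrypted) + b" trailing junk"


if __name__ == "__main__":
    for hit in extract_payloads(build_sample_container()):
        print(f"bitmap at 0x{hit['offset']:x}: XOR key 0x{hit['key']:02x}, {len(hit['payload'])}-byte PE")
```

On a real sample, pass the file contents to extract_payloads() and, if nothing is found, inspect the managed resources directly: the carver deliberately rejects any "BM" whose declared size or pixel offset does not fit, so the decoy in the constructed container is skipped, and it will likewise skip a PNG-encoded bitmap. The PE check on e_lfanew keeps a lucky "MZ" at a wrong key from being reported.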