General
Target: 5388210464c4a682e90abb97106518c925647f8c165a21961b74db15d293b446
Size: 405KB
Sample: 220521-n78q1aege8
MD5: 12ee7eaf3e42acf7b8bc346b099f8e56
SHA1: 5651b1663eb7beaa827527ec2bab2e6d35d4158a
SHA256: 5388210464c4a682e90abb97106518c925647f8c165a21961b74db15d293b446
SHA512: 803e70eeb39e596322105e08090e72545d6203a1563133b02ea9b9a069639f9183e051bea802e7b28fe45159ebdab3e15ed40e7eaffc44159aa6ab951e881178
Static task: static1
Behavioral task: behavioral1
Sample: 3582133.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 3582133.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.israelagroconsultant.com
Port: 587
Username: info@israelagroconsultant.com
Password: israelagro@123
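The extracted config is the actionable part of this report: the sample exfiltrates stolen data by authenticating to the actor's mailbox over SMTP submission (port 587). The following is an added example, not part of the report or of the sandbox's own tooling. It parses the flattened config text into fields and then runs two detections over constructed Sysmon-style events (a DNS query for the configured host, and any SMTP-port connection from a process that is not an approved mail client). The event lines, the hypothetical `ALLOWED_MAIL_CLIENTS` set and the destination IPs are assumptions made for the illustration.

```python
import re

# Agent Tesla SMTP exfiltration config as extracted in the report above
RAW_CONFIG = (
    "Protocol: smtp- Host: smtp.israelagroconsultant.com - Port: 587 "
    "- Username: info@israelagroconsultant.com - Password: israelagro@123"
)

# Constructed Sysmon-style events (ID 22 = DNS query, ID 3 = network connection),
# tab-separated key=value. These are not telemetry from the sandbox run.
SAMPLE_EVENTS = [
    "EventID=22\tImage=C:\\Users\\bob\\AppData\\Roaming\\3582133.exe"
    "\tQueryName=smtp.israelagroconsultant.com",
    "EventID=3\tImage=C:\\Users\\bob\\AppData\\Roaming\\3582133.exe"
    "\tDestinationIp=203.0.113.45\tDestinationPort=587",
    "EventID=3\tImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"
    "\tDestinationIp=10.0.1.5\tDestinationPort=587",
    "EventID=3\tImage=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    "\tDestinationIp=142.250.74.100\tDestinationPort=443",
]

MAIL_PORTS = {25, 465, 587}
# Assumption: the only workstation processes expected to speak SMTP directly
ALLOWED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_config(raw: str) -> dict:
    """Split the flattened 'Key: value - Key: value' text into a dict."""
    fields = {}
    for key, value in re.findall(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)", raw):
        fields[key.lower()] = value.strip(" -")
    fields["port"] = int(fields["port"])
    return fields


def detect(events, cfg: dict) -> list:
    """Return (rule, process, detail) tuples for DNS lookups of the configured
    exfil host and for SMTP-port connections from non-mail-client processes."""
    findings = []
    for line in events:
        ev = dict(kv.split("=", 1) for kv in line.split("\t"))
        proc = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        if ev["EventID"] == "22":
            if ev.get("QueryName", "").lower() == cfg["host"].lower():
                findings.append(("dns_to_c2", proc, ev["QueryName"]))
        elif ev["EventID"] == "3":
            port = int(ev.get("DestinationPort", "0"))
            if port in MAIL_PORTS and proc not in ALLOWED_MAIL_CLIENTS:
                findings.append(("unexpected_smtp_client", proc,
                                 f"{ev['DestinationIp']}:{port}"))
    return findings


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    for finding in detect(SAMPLE_EVENTS, cfg):
        print(finding)
```

The credentials in the config belong to the actor's mailbox; use them only as indicators (block the host, alert on the account name in mail-gateway logs), never to log in to the account. The process-based rule is the more durable of the two, since the host and credentials change from build to build while the behaviour (an unsigned user-profile executable talking to port 587) does not.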
Targets
Target: 3582133.exe
Size: 460KB
MD5: 814d60b47619ff47a081818e6d2fdb02
SHA1: 3356b6d7a362db8c0aa04afe798870aa6f9ae966
SHA256: e4392c3867a7b38a96f352f3249358e0144717bde4adf6473e5f994904a98bb3
SHA512: edabbcc51509ec59a908616d7d3b43f8e56f99a026e218b8fd6980de382618c83cd890a983a7774517d1853c356f8f6df19173976740a4f774bb0976c9bf43fa
AgentTesla
Agent Tesla is a .NET information stealer with remote access tool (RAT) capabilities; its original versions were written in Visual Basic .NET.
CoreEntity .NET Packer
A .NET packer, CoreEntity, that stores its payload inside a Bitmap object and decrypts it at run time before loading it.
AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext