General
Target: f7df6e1d0c223b5ab0a09a5427899cf74edb243f55d29f4e8a154dd4e09ca74d
Size: 576KB
Sample: 220521-n8js9segf8
MD5: e724bfdc0433ace348a13600f1cce9c4
SHA1: 52ce8235d48a8e34bf0cba559e90138707709f8c
SHA256: f7df6e1d0c223b5ab0a09a5427899cf74edb243f55d29f4e8a154dd4e09ca74d
SHA512: c1f52db0a9053b59acb0113cc6d1c37e90f8ca20952b45a17a8e184dae8647b1f8cc550b7a02e84f74f7a8f7e1d1a8d90ff0a07f63a2210800ca4e9e98eb0a1f
Static task: static1
Behavioral task: behavioral1
  Sample: Fwd Overdue balance request.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Fwd Overdue balance request.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Ijeomam288
Targets
Target: Fwd Overdue balance request.exe
Size: 525KB
MD5: 327e095912044c837cd14c4790b5b722
SHA1: f2785765bf53962850454c04b2ae9a5781dad2c3
SHA256: d3f1a9f5aee95facc51d611b7deeef7da85a30c028be4a3cc9cd10d0e7bf99cf
SHA512: 29dc2737c9111bef912736b698a83e8295201317e8a062b8ec06b72ad4b4a40a0a291406e7f50e0947eeebd236bf2ced81aaf87c954ba1b7efea39c9208a9fba
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- CoreCCC Packer: Detects the CoreCCC packer used to load .NET malware.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext