General
-
Target
e5b9cfe75eb6a04fefe494b2840c956c82678fd4f76bf3092a3d1b3a14743209
-
Size
543KB
-
Sample
220521-n8xecsaacl
-
MD5
ab2245b07dfaf91975601015a6f1ab80
-
SHA1
349dd3e39087f4efd96e2c22a4d2432585b09f67
-
SHA256
e5b9cfe75eb6a04fefe494b2840c956c82678fd4f76bf3092a3d1b3a14743209
-
SHA512
3276a0cadb8543b1bb97062d215230919eeea01bbe68ea1ae381cdadcb08f7fa1b641b67b3ac408274789af532a553394ca4cc351c7dce6c133d87d14ac63579
Static task
static1
Behavioral task
behavioral1
Sample
20202105.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
20202105.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.mail15.cp247.net
Port: 587
Username: info@regalhydraulic.com
Password: Mm8182
Extracted
Protocol: smtp
Host: mail.mail15.cp247.net
Port: 587
Username: info@regalhydraulic.com
Password: Mm8182
Targets
-
-
Target
20202105.exe
-
Size
709KB
-
MD5
ed4258e4ca4dcf43f21bfe1c3552ebb9
-
SHA1
2380072ffbf0a616cea6da8b3224648ef6022537
-
SHA256
ddef618a8a5edbda2aad2dba2eac7de1d0f7a4e31cc4bebb9f2b6b4dd43d0174
-
SHA512
3080541d2e081e63775b046c0ccb226f6eacaf0c166e71e1f29873ed7b8699e143bf347e77082e3bec58b5d84feb5ab0b97a43a1339ff847ca90bc10d20247b1
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
-
AgentTesla Payload
-
CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-