General
Target: abe72a52290291b40bddddb4a38c09e8922ce33b4d3a1fdcdb744ff1bb7fd261
Size: 509KB
Sample: 220521-n92epsehd4
MD5: c69bab612409407834937281fb667607
SHA1: 5dfe6f86e2cbcdbab02ca3e10bd01ffb9d6b4f3e
SHA256: abe72a52290291b40bddddb4a38c09e8922ce33b4d3a1fdcdb744ff1bb7fd261
SHA512: cc5e26b3104021388fc3ac1e6a94401f22e90c22a255415814988e2071b53da3f2fd7c54e4c9e43298da0281a2d3053682e411e4b7b777c5fdcf6346759bf29b
Static task: static1
Behavioral task: behavioral1
    Sample: SAR EFILLING.exe
    Resource: win7-20220414-en
Behavioral task: behavioral2
    Sample: SAR EFILLING.exe
    Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: zstcznz.org
Port: 587
Username: makonyo@zstcznz.org
Password: makonyo@2017
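The extracted SMTP config is the most actionable part of this report: the stealer authenticates to a mailbox over SMTP and mails its loot there. The following is an added example (not part of the sandbox report) that turns those values into hunting logic: it joins a DNS log to a connection log to find sessions to the exfil host on port 587, and it derives the base64 AUTH LOGIN / AUTH PLAIN tokens that would appear in a cleartext SMTP capture. The host, port and credentials are the report's; the log records, the 198.51.100.23 answer and the SMTP transcript are constructed, and the transcript assumes the stealer mails to the same mailbox it logs in as (the report does not state the recipient).

```python
"""Turn the extracted AgentTesla SMTP config into hunting logic.

Added example, not part of the sandbox report. The host, port and mailbox
credentials are the values the report extracted; the DNS/connection records
and the SMTP transcript below are constructed for illustration.
"""
import base64

# Values from the report's "Malware Config" section.
CONFIG = {
    "host": "zstcznz.org",
    "port": 587,
    "username": "makonyo@zstcznz.org",
    "password": "makonyo@2017",
}

# Constructed Zeek-style records. DNS: ts, client, query, answer.
# Connections: ts, src, dst, dst_port, service. 198.51.100.23 is a
# documentation-range address standing in for whatever the host resolves to.
DNS_LOG = """\
1653123000.2\t10.0.0.15\tzstcznz.org\t198.51.100.23
1653123000.7\t10.0.0.15\twww.microsoft.com\t20.70.246.20
"""
CONN_LOG = """\
1653123001.1\t10.0.0.15\t20.70.246.20\t443\tssl
1653123002.4\t10.0.0.15\t198.51.100.23\t587\tsmtp
1653123003.9\t10.0.0.22\t10.0.0.5\t445\tsmb
1653123004.2\t10.0.0.15\t198.51.100.23\t587\tsmtp
"""


def auth_login_tokens(username, password):
    """Return the two base64 lines a client sends during SMTP AUTH LOGIN.

    The stealer logs in to the attacker mailbox, so in a cleartext capture
    (or an inspecting proxy's log) these exact strings appear on the wire.
    """
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return enc(username), enc(password)


def auth_plain_token(username, password):
    """Return the single base64 line used by SMTP AUTH PLAIN: NUL user NUL pass."""
    return base64.b64encode(f"\0{username}\0{password}".encode()).decode()


def resolve_from_dns_log(dns_log, hostname):
    """Collect every address the hostname resolved to in the DNS log."""
    wanted = hostname.lower().rstrip(".")
    ips = set()
    for line in dns_log.splitlines():
        _ts, _client, query, answer = line.split("\t")
        if query.lower().rstrip(".") == wanted:
            ips.add(answer)
    return ips


def flag_connections(conn_log, dns_log, cfg):
    """Flag connections to the resolved exfil host on the configured port."""
    c2_ips = resolve_from_dns_log(dns_log, cfg["host"])
    hits = []
    for line in conn_log.splitlines():
        ts, src, dst, dport, service = line.split("\t")
        if dst in c2_ips and int(dport) == cfg["port"]:
            hits.append({"ts": ts, "src": src, "dst": dst, "service": service})
    return hits


def flag_smtp_auth(transcript, cfg):
    """Flag transcript lines carrying the extracted credentials or mailbox.

    AUTH LOGIN/PLAIN tokens are matched exactly; the mailbox address is
    matched anywhere (MAIL FROM / RCPT TO) since it is both login and target.
    """
    user_tok, pass_tok = auth_login_tokens(cfg["username"], cfg["password"])
    plain_tok = auth_plain_token(cfg["username"], cfg["password"])
    hits = []
    for idx, line in enumerate(transcript):
        body = line.split(": ", 1)[1] if ": " in line else line
        if body == user_tok:
            hits.append((idx, "AUTH LOGIN username matches extracted config"))
        elif body == pass_tok:
            hits.append((idx, "AUTH LOGIN password matches extracted config"))
        elif body.endswith(plain_tok):
            hits.append((idx, "AUTH PLAIN credentials match extracted config"))
        elif cfg["username"] in body:
            hits.append((idx, "cleartext exfil mailbox address"))
    return hits


# Constructed cleartext session; the two 334 challenges are base64 of
# "Username:" and "Password:", which is what servers send for AUTH LOGIN.
_USER_B64, _PASS_B64 = auth_login_tokens(CONFIG["username"], CONFIG["password"])
SMTP_TRANSCRIPT = [
    "S: 220 mail.zstcznz.org ESMTP ready",
    "C: EHLO DESKTOP-7Q2K1LM",
    "S: 250-mail.zstcznz.org Hello",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",
    "C: " + _USER_B64,
    "S: 334 UGFzc3dvcmQ6",
    "C: " + _PASS_B64,
    "S: 235 2.7.0 Authentication successful",
    "C: MAIL FROM:<makonyo@zstcznz.org>",
    "C: RCPT TO:<makonyo@zstcznz.org>",
]

if __name__ == "__main__":
    for hit in flag_connections(CONN_LOG, DNS_LOG, CONFIG):
        print("conn:", hit)
    for idx, why in flag_smtp_auth(SMTP_TRANSCRIPT, CONFIG):
        print(f"smtp line {idx}: {why}")
```

Port 587 submissions normally upgrade with STARTTLS, so the AUTH tokens are only observable when TLS is not negotiated or at a proxy that terminates it; the DNS-to-connection join works regardless of encryption and is the check to run first. The mailbox address is also worth searching for as sender or recipient on the mail gateway.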
Targets
Target: SAR EFILLING.exe
Size: 544KB
MD5: da0d23618c8c21787ac6aa7d3831679a
SHA1: 051c78fde7a38263e7325de811ab699e5db39417
SHA256: 956338e6d5c9af567addc3d16a0026d124aaa3d0657471e0e0bdd8d87c3ee762
SHA512: f956bd574efdbe3a6bbadf7305cbf9d2db75f41bfc645ab75f5115e2fb11056b38693eaa78cb3922f88dd03ee40cccf935b6120bcc341dd7d7b2d33fc3aa25b5
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic).
CoreEntity .NET Packer
A .NET packer, CoreEntity, that embeds its payload as a Bitmap object and decrypts it at runtime before loading it.
AgentTesla Payload
CoreCCC Packer
Detects the CoreCCC packer used to load .NET malware.
Accesses Microsoft Outlook profiles
Agent Tesla harvests saved mail-client credentials, including those stored under Outlook profiles.
Suspicious use of SetThreadContext
SetThreadContext is commonly used in process hollowing and other injection techniques to redirect a suspended thread into injected code.
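The CoreEntity signature above says only that the payload is stored as a Bitmap object and decrypted later; the report does not describe the cipher. The block below is an added example (not CoreEntity's routine and not from the report) of the carving pattern an analyst applies to such packers: read the pixel rows of a 24bpp BMP, try both row orders (BMP files store rows bottom-up, so a packer scanning the image top-to-bottom leaves the payload's first bytes in the last file row), derive the single-byte XOR key that would map offset 0 to 'M', and confirm with the PE header at e_lfanew. The bitmap, the fake PE and the key 0x5A are constructed assumptions so the example runs offline.

```python
"""Carve a single-byte-XOR'd PE out of bitmap pixel data.

Added example, not CoreEntity's own routine: the report only states that the
packer stores its payload as a Bitmap object and decrypts it later. The
bitmap below is constructed and the XOR key is an assumption.
"""
import struct

XOR_KEY = 0x5A  # assumed key for the constructed sample


def build_bmp(pixel_bytes, width, top_down_payload):
    """Wrap raw bytes as 24bpp pixel data in a minimal BMP (constructed input).

    BMP rows are stored bottom-up, so a packer that writes its payload while
    scanning the image top-to-bottom leaves the payload's first bytes in the
    last row of the file; top_down_payload=True simulates that layout.
    """
    stride = width * 3
    padded = (stride + 3) & ~3          # rows are padded to 4-byte boundaries
    height = -(-len(pixel_bytes) // stride)  # ceiling division
    rows = []
    for r in range(height):
        row = pixel_bytes[r * stride:(r + 1) * stride].ljust(stride, b"\0")
        rows.append(row + b"\0" * (padded - stride))
    if top_down_payload:
        rows.reverse()
    pixels = b"".join(rows)
    off = 14 + 40                       # BITMAPFILEHEADER + BITMAPINFOHEADER
    file_hdr = struct.pack("<2sIHHI", b"BM", off + len(pixels), 0, 0, off)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels


def bmp_rows(bmp):
    """Return the pixel rows (row padding stripped) in file order."""
    magic, _size, _r1, _r2, off = struct.unpack_from("<2sIHHI", bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP")
    _hdr_size, width, height, _planes, bpp = struct.unpack_from("<IiiHH", bmp, 14)
    if bpp != 24:
        raise ValueError("example handles 24bpp bitmaps only")
    stride = width * 3
    padded = (stride + 3) & ~3
    return [bmp[off + i * padded: off + i * padded + stride]
            for i in range(abs(height))]


def looks_like_pe(buf):
    """Cheap PE check: 'MZ' at offset 0 and 'PE\\0\\0' at e_lfanew."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    return e_lfanew + 4 <= len(buf) and buf[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def carve_xored_pe(bmp):
    """Try both row orders; for each, the only key mapping byte 0 to 'M' is tested.

    Bytes past the real payload are row padding and decode to junk; use the
    recovered PE headers (e.g. SizeOfImage, section table) to trim.
    """
    rows = bmp_rows(bmp)
    streams = {"file-order": b"".join(rows),
               "reversed-rows": b"".join(reversed(rows))}
    for order, stream in streams.items():
        if len(stream) < 2:
            continue
        key = stream[0] ^ ord("M")
        if stream[1] ^ key != ord("Z"):
            continue
        decoded = bytes(b ^ key for b in stream)
        if looks_like_pe(decoded):
            return {"order": order, "key": key, "payload": decoded}
    return None


# Constructed stand-in payload: MZ header, e_lfanew pointing at "PE\0\0", filler.
FAKE_PE = bytearray(b"\xCC" * 0x100)
FAKE_PE[0:2] = b"MZ"
struct.pack_into("<I", FAKE_PE, 0x3C, 0x80)
FAKE_PE[0x80:0x84] = b"PE\0\0"
_ENCODED = bytes(b ^ XOR_KEY for b in FAKE_PE)
SAMPLE_BMP_TOPDOWN = build_bmp(_ENCODED, width=8, top_down_payload=True)
SAMPLE_BMP_BOTTOMUP = build_bmp(_ENCODED, width=8, top_down_payload=False)

if __name__ == "__main__":
    for name, bmp in (("top-down", SAMPLE_BMP_TOPDOWN), ("bottom-up", SAMPLE_BMP_BOTTOMUP)):
        found = carve_xored_pe(bmp)
        print(name, "->", found["order"], hex(found["key"]), found["payload"][:2])
```

Real .NET packers often read the image through Bitmap.GetPixel, which yields ARGB ordering rather than the file's BGR byte order, and may use a stronger cipher than single-byte XOR; once the decryption routine is located in the .NET code, replace the key derivation here with that routine and keep the row-order and PE-header checks.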