General
Target: 3a68063195e24c81ff5871a3f3c75053ca9a93131378da60609ac94134a1a5aa
Size: 380KB
Sample: 220521-n9ldgsaafq
MD5: 148f75765e39dcd8263cd6a8f9132834
SHA1: e61a6b352b78f4c1b10010dc7779dc9985a3e080
SHA256: 3a68063195e24c81ff5871a3f3c75053ca9a93131378da60609ac94134a1a5aa
SHA512: def3469563bafe2e8a24935b6a07484d50e3d75640a07a37aed738e47b5e0941b8db66b1b7a082efe829c9c747e1cbacfb59f865b271a677304531de2bad9604
Static task
static1
Behavioral task
behavioral1
Sample: E-Remittance Copy.exe
Resource: win7-20220414-en
Behavioral task
behavioral2
Sample: E-Remittance Copy.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.bethfels.org
Port: 587
Username: jamie.swan@bethfels.org
Password: %C@sFFb8
Targets
Target: E-Remittance Copy.exe
Size: 403KB
MD5: 561ed534bd9e4061d4b434e4e18b9cc3
SHA1: de3fb19c36a7def9b71198b8fbd3de50afcecfe0
SHA256: aa00c67caa3688bdffc0b6edbb7c4b599c1e18e78c46f917dd28bc521af120cf
SHA512: be6749f3496e2a9b918235233f39ca5a22ca0a43025e0545bde2b8247eb35bb08dd5bc3111ae855adc5a4a0b9d04a6230180d3e8ec3a9599c06e0690afd5b53b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext