General
Target: 51850edc633afc4f95a2018f524aecb659f48adfaf148f4198da4542237002af
Size: 399KB
Sample: 220521-nfjb2aggdk
MD5: 65c97e336a8b0b18a08ee539ed7d5681
SHA1: c37ef829e3ea6035096503b8385fa6d883a8ec7d
SHA256: 51850edc633afc4f95a2018f524aecb659f48adfaf148f4198da4542237002af
SHA512: ed44f8e319f483d3b8885519de4e951eb9fbde412c7e0abeb7c6312d2e40aba1070f8675417f2261c0c43733d550c4815ade8878aa88c40b32586949fe88b09c
Static task: static1
Behavioral task: behavioral1 (Sample: INVOICE.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: INVOICE.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: safaa.bishara@santemoraegypt.com
Password: chimaroke2020
The configuration was extracted twice with identical values.
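The extracted configuration is an outbound SMTP exfiltration channel, which is the most direct thing to hunt for on a host. The following is an added example (not code from the report or from the sandbox) that runs a simple rule set over constructed sandbox-style network events: any connection to the extracted host is flagged, and any SMTP-port connection from a process that is not a known mail client is flagged. The event line format, the mail-client allowlist and the event lines themselves are this example's own assumptions.

```python
"""Detection over constructed network events for the AgentTesla SMTP exfil
channel in the extracted config. Added example; log format and allowlist
are assumptions, the sample events are constructed."""
import re
from dataclasses import dataclass

# Host from the extracted config; ports cover submission (587), SMTPS (465), SMTP (25).
C2_HOSTS = {"us2.smtp.mailhostbox.com"}
SMTP_PORTS = {25, 465, 587}
# Processes for which outbound SMTP is expected (assumed allowlist; tune per estate).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Assumed event shape: "<pid> <process> connect <host>:<port>"
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<proc>\S+)\s+connect\s+(?P<host>\S+):(?P<port>\d+)$")


@dataclass(frozen=True)
class Alert:
    pid: int
    process: str
    host: str
    port: int
    reason: str


def parse_event(line):
    """Return (pid, process, host, port) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return int(m["pid"]), m["proc"].lower(), m["host"].lower(), int(m["port"])


def check_event(line):
    """Apply the two rules to one event; C2 host match takes priority."""
    ev = parse_event(line)
    if ev is None:
        return None
    pid, proc, host, port = ev
    if host in C2_HOSTS:
        return Alert(pid, proc, host, port, "known AgentTesla SMTP exfil host")
    if port in SMTP_PORTS and proc not in MAIL_CLIENTS:
        return Alert(pid, proc, host, port, "SMTP from non-mail-client process")
    return None


def scan(lines):
    """Run check_event over an iterable of event lines and collect alerts."""
    return [a for a in (check_event(line) for line in lines) if a]


# Constructed sample events (not taken from the report).
SAMPLE_EVENTS = [
    "1204 INVOICE.exe connect us2.smtp.mailhostbox.com:587",
    "1204 INVOICE.exe connect 8.8.8.8:53",
    "2300 outlook.exe connect mail.example.com:587",
    "2456 svchost.exe connect mail.example.net:25",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The allowlist only suppresses the port rule, never the host rule: a real mail client connecting to the attacker's mailbox host is still an alert.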
Targets
Target: INVOICE.exe
Size: 456KB
MD5: 5684e93ac01d00886522c83957a03fda
SHA1: f0cd2c1b674fb261364b22dd03c5413e891a55b2
SHA256: 12ebc83e90c03ce193eaa16a2caab05f78f5b88499388738b4395043840cfaef
SHA512: 2517cd1d5c7eaa9cf1286184fe8c903500db60d02d3a8318dc22179e0d1c36ec9655ded858d70a9c7e2e3b3a4c8b4d6945144b4a4a1ec19d5fd151800c56f501
The submitted object under General (399KB) has different hashes from INVOICE.exe (456KB); the submission is presumably a container from which INVOICE.exe was extracted, so both hash sets are worth recording as indicators.
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET. It logs keystrokes, harvests saved credentials from browsers and mail clients, and exfiltrates them over SMTP, FTP or HTTP; the SMTP account in the extracted configuration above is this sample's exfiltration channel.
CoreEntity .NET Packer
A .NET packer, CoreEntity, that embeds its payload as a Bitmap object (an image resource) and decrypts the pixel data at runtime to recover the next stage. The resource therefore looks like an image to static tooling, and the plain payload only exists after the stub has run.
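To make the Bitmap trick concrete, here is an added example (not CoreEntity's code and not from the report) that hides a payload in the pixel array of a 24-bit BMP and carves it back out. The cipher the real packer applies afterwards is not on this page, so carve_from_bmp() returns the bytes exactly as stored (in the real case, still encrypted). The 4-byte length prefix, the image width and the sample payload are this example's own choices; the BMP layout (14-byte file header, 40-byte BITMAPINFOHEADER, rows padded to 4 bytes and stored bottom-up) is the real format, which is why a naive "read the pixel bytes in file order" carve breaks when the width is not a multiple of 4.

```python
"""Payload-in-Bitmap packing and carving. Added example; framing and
dimensions are assumptions, the BMP header layout is the real format."""
import struct

FILE_HDR = struct.Struct("<2sIHHI")        # magic, file size, reserved x2, pixel offset (14 bytes)
INFO_HDR = struct.Struct("<IiiHHIIiiII")   # BITMAPINFOHEADER (40 bytes)


def _stride(width, bpp=24):
    """Bytes per stored row: pixel bytes rounded up to a 4-byte boundary."""
    return (width * bpp // 8 + 3) & ~3


def pack_into_bmp(payload, width=5):
    """Hide payload in a 24-bit BMP: 4-byte length prefix, zero fill to whole rows."""
    framed = struct.pack("<I", len(payload)) + payload
    row_bytes = width * 3
    height = -(-len(framed) // row_bytes)            # ceiling division
    framed += b"\x00" * (row_bytes * height - len(framed))
    pad = b"\x00" * (_stride(width) - row_bytes)     # per-row padding (1 byte when width == 5)
    rows = [framed[i * row_bytes:(i + 1) * row_bytes] + pad for i in range(height)]
    pixels = b"".join(reversed(rows))                # BMP stores rows bottom-up
    offset = FILE_HDR.size + INFO_HDR.size
    info = INFO_HDR.pack(INFO_HDR.size, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    return FILE_HDR.pack(b"BM", offset + len(pixels), 0, 0, offset) + info + pixels


def carve_from_bmp(bmp):
    """Walk the pixel array in logical (top-down) order, drop padding, return the framed payload."""
    magic, _size, _r1, _r2, offset = FILE_HDR.unpack_from(bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP")
    hsz, width, height, _planes, bpp, comp = INFO_HDR.unpack_from(bmp, FILE_HDR.size)[:6]
    if hsz < INFO_HDR.size or bpp != 24 or comp != 0:
        raise ValueError("only uncompressed 24-bit BMPs are handled here")
    stride, row_bytes = _stride(width), width * 3
    rows = [bmp[offset + r * stride: offset + r * stride + row_bytes] for r in range(abs(height))]
    if height > 0:                                   # positive height means bottom-up storage
        rows.reverse()
    data = b"".join(rows)
    (length,) = struct.unpack_from("<I", data, 0)
    if length > len(data) - 4:
        raise ValueError("length prefix exceeds pixel data")
    return data[4:4 + length]


# Constructed stand-in payload (a fake MZ header plus filler), not the sample's stage.
SAMPLE_PAYLOAD = b"MZ\x90\x00" + bytes(range(50))

if __name__ == "__main__":
    bmp = pack_into_bmp(SAMPLE_PAYLOAD)
    print(len(bmp), carve_from_bmp(bmp) == SAMPLE_PAYLOAD)
```

When unpacking a real CoreEntity sample, carve the bytes this way (or read the Bitmap through the .NET resource reader) and then apply the decryption routine recovered from the stub; the width check matters because a width that is not a multiple of 4 leaves padding bytes that would corrupt the stream if read in file order.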
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check (the sample can change behaviour or exit depending on the configured locale).
Accesses Microsoft Outlook profiles
Reads the stored Outlook account profiles, consistent with the stealer's harvesting of saved mail credentials.
Suspicious use of SetThreadContext
Cross-process SetThreadContext is typical of process hollowing: a process is created suspended, its image is overwritten, and the main thread's entry point is redirected before it is resumed.
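SetThreadContext on its own is weak evidence (debuggers and some runtimes use it on their own threads); what makes it worth alerting on is the surrounding sequence. Below is an added example (not code from the report or from the sandbox) of a stateful detector over a constructed API trace: it tracks, per caller/target pair, CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into that child, SetThreadContext, and ResumeThread, and reports a high-confidence hit when the full chain completes and a low-confidence hit for any cross-process SetThreadContext that never completes the chain. The trace line format and the assumption that the sandbox has already resolved process handles to target pids (dwProcessId=...) are this example's own.

```python
"""Stateful process-hollowing sequence detection over a constructed API trace.
Added example; the trace format is assumed and the lines are constructed."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit (Win32 constant)

# Assumed trace shape: "<caller pid> <Api>(name=value, ...)" with handles resolved to dwProcessId.
TRACE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")


def _arg(args, name):
    """Pull an integer argument (decimal or 0x-hex) out of the argument list, or None."""
    m = re.search(rf"\b{name}=(0x[0-9A-Fa-f]+|\d+)", args)
    return int(m.group(1), 0) if m else None


def detect_hollowing(trace):
    """Return [(caller_pid, target_pid, confidence), ...] in detection order."""
    state = defaultdict(set)    # (caller, target) -> stages reached so far
    alerts, high = [], set()
    for line in trace:
        m = TRACE_RE.match(line.strip())
        if not m:
            continue
        pid, api, args = int(m["pid"]), m["api"], m["args"]
        target = _arg(args, "dwProcessId")
        if target is None:
            continue
        key = (pid, target)
        if api in ("CreateProcessA", "CreateProcessW"):
            if (_arg(args, "dwCreationFlags") or 0) & CREATE_SUSPENDED:
                state[key].add("suspended")
        elif api == "WriteProcessMemory" and key in state:
            state[key].add("written")            # only counts after a suspended create
        elif api == "SetThreadContext":
            state[key].add("context")
        elif api == "ResumeThread":
            if {"suspended", "written", "context"} <= state.get(key, set()):
                alerts.append((pid, target, "high"))
                high.add(key)
    # Leftover cross-process SetThreadContext without the full chain: low confidence.
    for (pid, target), stages in state.items():
        if "context" in stages and (pid, target) not in high and target != pid:
            alerts.append((pid, target, "low"))
    return alerts


# Constructed trace (not the sample's real API calls).
SAMPLE_TRACE = [
    "1204 CreateProcessW(lpApplicationName=INVOICE.exe, dwCreationFlags=0x4, dwProcessId=1388)",
    "1204 WriteProcessMemory(dwProcessId=1388, lpBaseAddress=0x400000, nSize=0x72000)",
    "1204 SetThreadContext(dwProcessId=1388, hThread=0x1c8)",
    "1204 ResumeThread(dwProcessId=1388, hThread=0x1c8)",
    "3100 SetThreadContext(dwProcessId=3100, hThread=0x9c)",    # same process: ignored
    "2222 SetThreadContext(dwProcessId=2300, hThread=0x44)",    # cross-process, no chain
    "2222 ResumeThread(dwProcessId=2300, hThread=0x44)",
]

if __name__ == "__main__":
    for alert in detect_hollowing(SAMPLE_TRACE):
        print(alert)
```

Keying state on the (caller, target) pair rather than on the caller alone is what keeps a legitimate suspended create by one process from being mixed up with an unrelated SetThreadContext by the same process against a different target.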