General
- Target: 57937794fb95166659703b275620affd15c17d2b57895c192c253befd913be2c
- Size: 395KB
- Sample: 220521-nsf3fahbfl
- MD5: 1de6f1e70a2450b5175851a315c6e96f
- SHA1: dda5d37dd04c0baa9277c44ad21f46cb93380f56
- SHA256: 57937794fb95166659703b275620affd15c17d2b57895c192c253befd913be2c
- SHA512: eb6760d3fbb158173e4baa70af844b1a8387c9c0f523063e53d4c15436cda9c88ed7a9d7d20f46800d17bdb5fc81ffb5780209752fffcf55f3738f2ed4dfe6e2
Static task
- static1
Behavioral task
- behavioral1
  - Sample: AN_FSOFCL2020052211pdf.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: AN_FSOFCL2020052211pdf.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.karmachalets.co.in
  - Port: 587
  - Username: akshya@karmachalets.co.in
  - Password: Akshya@123
Targets
- Target: AN_FSOFCL2020052211pdf.exe
- Size: 437KB
- MD5: 06e5438b6fbc0f98f8803941b82e59ce
- SHA1: 8bb193064d3889816adf06c208730c24bf5613aa
- SHA256: 672e3f987619a0968785b91fc3e8a824be6f331e9a49859519de5c143d354700
- SHA512: 0fba3805183faec0401f8f5fc2474ef402fa1d8b554a9fc4f08aa0270a4e47c35785c32ddaf588676b7450b266de3f2e069bcb7d4da2e2e277a1afd88b727197
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- AgentTesla Payload
- CoreCCC Packer
  Detects the CoreCCC packer used to load .NET malware.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext