General
Target: f537ae5b4ec7537a79c56722c39494203f791a4d62860b1d7c72aa4ffa7b9fbc
Size: 386KB
Sample: 220521-ntr64ahcam
MD5: 7b26fcf30096c33db8ea99f78821e7f3
SHA1: eae9dd91d3002029c74974af2c16c2abb251b778
SHA256: f537ae5b4ec7537a79c56722c39494203f791a4d62860b1d7c72aa4ffa7b9fbc
SHA512: b8b6cacac51536c70f1e4c7d3813079060d19ce954ea8b08ffb0971121a68db30824c28e06e4e790c6958901f38f10ebd6a897dc287475c8e2a04934734c0b67
Static task: static1
Behavioral task: behavioral1
Sample: TT copy.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: TT copy.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: sumay.naing@bluescopa.com
Password: #4#o0YqVdb*d
Targets
Target: TT copy.exe
Size: 468KB
MD5: e6a67f656acfd60077905dc0840d48e6
SHA1: 87b60bed4eab0edbd2b5009d43f26b7e64056efd
SHA256: ce8b237a923a7ed2f717640ebf45c858a7adf02d9b737f1e8e6486b4e6d3b105
SHA512: ceb6b3a66a93239b9d7553fd57d01f99f6e31b5d7b78a8ebfce9a74727e9580eb155678760bac1117801f9379bf0af32f091a17fd813e4c2202c1a8aabdea2c3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext