General
- Target: d0410b6f47833d94097b4641df6b0d27cba6b84d29ee89cb27665d694e930fdb
- Size: 450KB
- Sample: 220521-nzj3nsedb4
- MD5: 258210eafbb04c98958b2b6c7c0eeaff
- SHA1: 0258c23572eaf25ea973f2f13edfc7db69b49cb3
- SHA256: d0410b6f47833d94097b4641df6b0d27cba6b84d29ee89cb27665d694e930fdb
- SHA512: c3b6b7170deb1cbe355d764bd63d208389a775ee8f26e911fcb5adf4986c2bdc515be3b8bdc3887766bfdf9ac9fd3503d7224f797c6c91ca7729812563d05080
Static task: static1
Behavioral task: behavioral1
- Sample: Invoice and client details.pdf'.exe
- Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.hotel71.com.bd
- Port: 587
- Username: chat@hotel71.com.bd
- Password: 9+^va&phP1v9
Targets
- Target: Invoice and client details.pdf'.exe
- Size: 493KB
- MD5: ade7e98755e204c575754c578d9806b8
- SHA1: 5c833bf110f91e5ec7f541a2af60a7faf46fe0c8
- SHA256: 8bacca094f83e0486702d5c22a551a5a52ee7dab8ed6daad0b2881c57a1127ce
- SHA512: f667354b0158c2f31c8c6253b4abdf77e214cac1f9bba083b5728dc980ea671630c47e370506a5df17588357074b966ec9ab4fc2314f8ee95fcb9291ec65dae2
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext