General
Target: cb45ee78d720f8828edd79683a1e67701457ebeb52e15f20cf1ae50cd72ac3f5
Size: 389KB
Sample: 220521-nzxnrsheel
MD5: 5a28c364f19f3ca2071be44c6927c18d
SHA1: cb518a516bb5de0ff4b14df37f7b8bef333a0d88
SHA256: cb45ee78d720f8828edd79683a1e67701457ebeb52e15f20cf1ae50cd72ac3f5
SHA512: 9dd610b2c5a18ff41013d043833590ec3fc2cc6915588322925137907e42312dfef7aa6ce7708542fb33d93eff5d8c075be8ee6925baa7b7dde8c046e7314310
Static task: static1
Behavioral task: behavioral1
Sample: Terms & Conditions.pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hotel71.com.bd
Port: 587
Username: chat@hotel71.com.bd
Password: 9+^va&phP1v9
Targets
Target: Terms & Conditions.pdf.exe
Size: 411KB
MD5: cff3e5019bd36f4a7596fe229c9e6a2f
SHA1: b7d7e42f24cb3c3ef10497a64398a888790dcbb0
SHA256: 9950693e7a2ed5a37008ea3a7c2a185132af4f3fedfbbba41fb03939dadb8044
SHA512: 67e13ab5417c8751b956fd429b13fe11291d0263699c4e8f253b7ab4e266b4b2afb1411ed0907b69d84c549d03c7f5398ff885d864899d743d200f7a222b5031
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext