General
-
Target
7b0d27def7d743d8a91bd89449e914d7b92b0966f0fdf768cbd6849a09532103
-
Size
479KB
-
Sample
220521-pa4lfsabdl
-
MD5
b38c83cbca41829bd69a0ba9e16492b4
-
SHA1
04b0d23d904792672921563bb5d54cf082851098
-
SHA256
7b0d27def7d743d8a91bd89449e914d7b92b0966f0fdf768cbd6849a09532103
-
SHA512
a27d249e86390a943d9659de22589dbeed44a74bc65683cd0e523edc0fb314ba32db8b96525f35cafd11edafec36c6c6d1be8ec31fea3d954954cc923c67a187
Static task
static1
Behavioral task
behavioral1
Sample
PRODUCTS NEEDED (CN).exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PRODUCTS NEEDED (CN).exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
solomon12345$$$1
Targets
-
-
Target
PRODUCTS NEEDED (CN).exe
-
Size
514KB
-
MD5
4195b0b7b1ec9072a8717a7d7a13cfab
-
SHA1
2dfe70908bd40de09651083d74ddd5f65daf9ce6
-
SHA256
9f0a0182a91d2b110b48f2ec84c078b680655fc6b887f6b622367da1180ce6af
-
SHA512
a62fa26578eeb4452840549c409cce6616f111198656210e353b651b249f98b178d84d11f42725777733052a4af050e51e3b4bcca5390a96ebe8090765737f4c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-