General
Target: 13ae46b9d4eeb73b8ac223e879e84d849c5a60564669ed8c8a8809f41b2e46da
Size: 414KB
Sample: 220521-pb1k7aabgr
MD5: 85b5d7ec13d7d293bfc034ae8312c094
SHA1: 724556aeaabf5e8e623e85438776c14d61591d20
SHA256: 13ae46b9d4eeb73b8ac223e879e84d849c5a60564669ed8c8a8809f41b2e46da
SHA512: 5dd2b01026fced720c26605334568079bc81e9962b92751532d83c863b4afa02274496e873bcb8dc6d845c8dfade4d438772b39cdb832cae5a4585dcf94b873d
Static task: static1
Behavioral task: behavioral1
Sample: payment receipt.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: payment receipt.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dianaglobalmandiri.com
Port: 587
Username: info@dianaglobalmandiri.com
Password: Batam2019
Targets
Target: payment receipt.exe
Size: 513KB
MD5: 1f4cafd1b59f0a7b7bafb28e31c620aa
SHA1: b4f61151dfcd4b7f62665324a661a517d1a0ec75
SHA256: 875391a0ae1d2f10f9c04e39aaed8c558acf0fbad7b220d18489d25aac97ff85
SHA512: 2ea0849ec47211976a72691944737944f231fcd3e3ed371c5ec0844650efa38dd613a252dc2b45a8b8f4969d0eb0ba981ddec36c7f8210032ddb76ce2234b64c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext