General
- Target: 7286ef8488ec32dc085ae927a4c0b7c5f1e3f83a75a189e3dbe1bd7e2ed5512e
- Size: 505KB
- Sample: 220521-pbaprsabdq
- MD5: 377000993e5a850c394b8711a611bdd1
- SHA1: 295860f21c4d25e977d11a3e68236cbb18de6036
- SHA256: 7286ef8488ec32dc085ae927a4c0b7c5f1e3f83a75a189e3dbe1bd7e2ed5512e
- SHA512: fb6c6962e4ae16185138396d6547a12667560451c49e0c823df8fb3b2b437ce626d712fe779961800379c0f803486454bad2c3040088d8b37b0ccc7cb2da71d5
Static task
- static1
Behavioral task
- behavioral1
  - Sample: OC_Y091648273.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: OC_Y091648273.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.megoagro.com
- Port: 587
- Username: [email protected]
- Password: Bl%EWm@8
Targets
- Target: OC_Y091648273.exe
- Size: 539KB
- MD5: 38200f27bf7337dc20db1fe24f8eaf85
- SHA1: 9de6b1e06532084b375f25ae9807086a28522a4d
- SHA256: 348ab69ec7c99d1803d0b8b29f5959fff8dd6daed1d992f7da2d796495ac0a67
- SHA512: 6f304dbda1f918e90fcfa25492e29c0ccec13f39476c68421c2f351176baf1cb61de1ee4004999aeca2322997db293849555ffbd5529c564018244860c353d8a
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- AgentTesla Payload
- CoreCCC Packer
  Detects the CoreCCC packer used to load .NET malware.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext