General

Target: 1b03a044ae3276f2ed0a047976a3e0fc1c65db68546cefcf7d081ed9454266f5
Size: 585KB
Sample: 220521-pbdresehh6
MD5: 6f9671a24ce2f3f9eaa02c485d166bab
SHA1: 64f340a77a0002a95901ad5fa18e01bbda6c472d
SHA256: 1b03a044ae3276f2ed0a047976a3e0fc1c65db68546cefcf7d081ed9454266f5
SHA512: 41039d50e7cb109554d6ff620d90836c3a9a6c207f98b225660c5a437652332fc73e3cdee451989f4e71384517734c862d6fa77cadaf00167bfada98e862b8e8
Static task: static1

Behavioral task: behavioral1
Sample: invoice.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: invoice.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.goldenboiler.com
Port: 587
Username: info@goldenboiler.com
Password: @gol2453denboiler@
Targets

Target: invoice.exe
Size: 607KB
MD5: 7d59bff9907443c8da5b773488d254a7
SHA1: 0b18c7e81bd854d0065336368df1cd63be28a953
SHA256: f29c7a735adfcc42de35a17646ead9eaf23ae1a0cc99ad468b720d0e3be7dad6
SHA512: e8c154aec93bbf7357e97ca73f34633d1bc0d63106f0b1cc797fc94eeff2e262578441e7ef87944da6f4a50033785faf0aadd6ec91deda4cfe22d81c5281fe92
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext