General
Target: fe95b8e22f7ed52665da4f9317a8a128470052a172513f89cd5c33f7dadc3965
Size: 378KB
Sample: 220521-pdlvtaaceq
MD5: 6abb23580badf0e8d9dd3aa6bb3a2347
SHA1: 0db6e50406e11566cb4f26220484de4aceee70b0
SHA256: fe95b8e22f7ed52665da4f9317a8a128470052a172513f89cd5c33f7dadc3965
SHA512: dd7371426896320a77418e96a2ef655434bc0865a8511c6fe2fe46839646139d9177b187bf0a9cb933bcaeeb1d30c1c21aea9386bc25bc5669cca293bfba432f
Static task: static1
Behavioral task: behavioral1
  Sample: BalPO21504pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: BalPO21504pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: secure231.servconfig.com
  Port: 587
  Username: info@eltaef.com
  Password: eltaefSH6548883
Targets
Target: BalPO21504pdf.exe
Size: 392KB
MD5: 26b4ecd94509e28f4ae0fadc37982a24
SHA1: a08b1e93b2f33ed19c7c2d766ba6ec4b12f670c6
SHA256: 31f91924abcb4657d19721140bb21db8b517dc6a48830c7c5dc53d819c507248
SHA512: 422f28259d188f8d02368c0419eb212e12ca5d657340311ad11732c768dd497665e42e4b6fbc7e084ce7c724e8174551d682801fd9040b4e7f52319b6671a4ca
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is decrypted at runtime.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext