General
Target: fd3dfbebab26348cdec8bf9ba910d33a57c691b99b97f76531ed9d6c288200c5
Size: 367KB
Sample: 220521-pdm3wafba5
MD5: f590634240b2a8b7f9d34420f432f573
SHA1: 9dbb93520352dcc1219a51a642c2cfd95288a781
SHA256: fd3dfbebab26348cdec8bf9ba910d33a57c691b99b97f76531ed9d6c288200c5
SHA512: defe70f71abb08aadd168c8e3355962a0e67dca41ec1634c982d6e72d6b08f2de6f02fb3fa3ec335249b0e75c7ea04c640a04738ef0353f58a5cad940cb670fe
Static task: static1
Behavioral task: behavioral1
Sample: BA00415Q0123854UOS.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: BA00415Q0123854UOS.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: gabby.anthony@yandex.com
Password: 43210001234
Targets
Target: BA00415Q0123854UOS.exe
Size: 381KB
MD5: 9105810a764708d7b37bfbff0988276a
SHA1: 56888af9d5e397c80f0c8e2628c8413a93bf81c9
SHA256: 4f3a1dd374f609e7dd16e27c282c971122e9d8afbb58068a642925ed5a5065ac
SHA512: aafce23a810b2f06bf32b1132ae6d8d8f1e4357799ca6b88107de7c2e3dce59cf7fb28d71135e4e3740a58dae14a12a99509ad80ea0a7a05c26604b1138344ad
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext