General
Target: fcc91a22edbb555263dd5f7531ddc1cc467e53c5cf3c06fd5891488e2089e784
Size: 383KB
Sample: 220521-pdnpeaacfj
MD5: 965f754553cfae0dca68e29195bcc306
SHA1: a6467ac1827055504f4f176cd6cda6f03b13785a
SHA256: fcc91a22edbb555263dd5f7531ddc1cc467e53c5cf3c06fd5891488e2089e784
SHA512: 0456c6dcc4c943d1442e0963e86a22193f4e9d0464db78f944127f632f6f5bc0e07fcda082d46c2eaa471c23f1eee7d60ab107cb1b89b4b9529cc5e238359950
Static task
static1

Behavioral task
behavioral1
Sample: pedido urgente.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: pedido urgente.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.capeqlc.net
Port: 587
Username: ezeube2@capeqlc.net
Password: TRf%Qah4
Targets
Target: pedido urgente.exe
Size: 398KB
MD5: 027ec3c777c8acb409bf348c6fbed620
SHA1: cb1cf03cbc583c2a389111f7a44ca4f0b9fb022d
SHA256: e53b85600f2e1d2c612854eb25aa5ebb3cf93a966aef11b22e186f65cb097506
SHA512: 58e7110107cb77070d98a30def446fa6c87e020296680d752288f3eda11b327b91c20be41c7b4f062ec398814494abf0510c9812a74793e4653186832d8c46c2
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.

AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext