General
- Target: e493e036c04f67ad8a5828c677951868f3d3f9a16133ea7c8f0812592a6c1546
- Size: 447KB
- Sample: 220521-pebq8sachr
- MD5: 8af57b83e7b2ca748bdb94be74c26a83
- SHA1: 5e539db706b2d1e5dbe871af4460ed499a1e305e
- SHA256: e493e036c04f67ad8a5828c677951868f3d3f9a16133ea7c8f0812592a6c1546
- SHA512: 88f56216c36fbc41e54122020daa76c087e31fc2d041827933324259b4bf30fd9529276bc1f19d38a0320ab976b7b54692d3a624824c8d84351ec28cfaed5e58
Static task: static1
Behavioral task: behavioral1
- Sample: ORDERlist85398pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ORDERlist85398pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: secure231.servconfig.com
- Port: 587
- Username: info@eltaef.com
- Password: eltaefSH6548883
Targets
- Target: ORDERlist85398pdf.exe
- Size: 522KB
- MD5: 7ad886548166e2b8367171f5f9d22822
- SHA1: 481bac80866886055838cb358528fe0971b1ac3d
- SHA256: b7482c61434635d571649f327745f55945828178069d73bf9d1bb9298e8de89c
- SHA512: bc8a37eb67bc8e9ba3c661e757980a3b1aceb204dcd72fc37fe8e309c7893d4f04b5aa695f6378a0628a3ce6f59d3faef3352ce436d343a056722b3b72657ecf
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext