General
-
Target
d7528856e790f108495fbeb1b399880aff6ce2299508e89e3d1a7785195abccd
-
Size
357KB
-
Sample
220521-pey7jafbe7
-
MD5
8ab0b713620f8c0853850025388ea959
-
SHA1
e8393d93fed4aee737fb86116bcc0f7372ca5529
-
SHA256
d7528856e790f108495fbeb1b399880aff6ce2299508e89e3d1a7785195abccd
-
SHA512
be397854cc2e095896bd316d643d163b11f36c1bc5c257f66bfdf0c39ea6cf5254131082d3dabadc3440b0b5ca925466797dcb09cff8cfab54c4d6417a398fbd
Malware Config
Targets
-
-
Target
ORDER SPECIFICATION .exe
-
Size
371KB
-
MD5
8906f59d18e4741a5a04a85a5019daff
-
SHA1
8d7e572c92e9d6c6f4b9235f5eb68ac2dbec9d81
-
SHA256
04d2aed5efa5c8be62734ea19613f7fa5cbbc521118e1f680f7b9f27be0c0d6f
-
SHA512
f53026f24ad51c0e68e188e390f4873ed20b598dc7fa079a0d2dd183418efc17c867ae98dd28b3440a65bd03115dbbd74d1138cc128b8511943867b3ff4a6a98
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-