General
-
Target
c84ca1a2a1feef70f2cc11c45cfffa891597780ab6fa968ab5cbe261e959809d
-
Size
485KB
-
Sample
220521-pfmj5aadgk
-
MD5
924ddee2aa1ca8f35c8ba2b6b4388e5f
-
SHA1
8e2961beda7beae962e4b130ad40346a5b506721
-
SHA256
c84ca1a2a1feef70f2cc11c45cfffa891597780ab6fa968ab5cbe261e959809d
-
SHA512
d4c58cb43fb650055bdd03b6c006b521a0f40f1ac1169caa125793ce912cd67523a844bc7026b84a2d6eae4390d0c1dc64ccf691213224e22d9922b4b7f0426c
Static task
static1
Behavioral task
behavioral1
Sample
Maxima Trading - Products List.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Maxima Trading - Products List.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: insidesales8@mail.ru
Password: 678ui@#gh123!
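The extracted config gives a defender two things to act on: the exfiltration endpoint (host and port) and the drop mailbox the sample authenticates to. The Python below is an added example, not part of the sandbox report; it parses the config exactly as the sandbox extractor flattens it (the `Key: value - Key: value` form), then runs the result against a few constructed firewall log lines to flag the process that talked to the exfil host on the configured port. The log line format and the process names in it are assumptions.

```python
"""Normalize an AgentTesla SMTP exfil config and match it against network logs.
Added example (not part of the sandbox report); the log lines below are constructed."""
import re

# The report's config as the extractor flattens it (values copied from the page).
RAW_CONFIG = ("Protocol: smtp- Host: smtp.mail.ru - Port: 587 "
              "- Username: insidesales8@mail.ru - Password: 678ui@#gh123!")


def parse_config(raw: str) -> dict:
    """Split 'Key: value - Key: value' pairs into a dict with lower-cased keys.
    A field ends where ' - Key:' (or '- Key:') begins, so a literal '-' inside a
    value survives; a password containing '- Word:' would still be mis-split."""
    fields = {}
    for m in re.finditer(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)", raw):
        fields[m.group(1).lower()] = m.group(2).strip()
    fields["port"] = int(fields["port"])
    return fields


# Constructed firewall/proxy log lines (not from the report); key=value fields.
LOG_LINES = [
    "2022-05-21T10:01:02Z src=10.0.0.12 proc=Maxima Trading - Products List.exe "
    "dst=smtp.mail.ru dport=587 proto=tcp",
    "2022-05-21T10:01:05Z src=10.0.0.12 proc=outlook.exe "
    "dst=smtp.office365.com dport=587 proto=tcp",
    "2022-05-21T10:02:11Z src=10.0.0.31 proc=chrome.exe "
    "dst=smtp.mail.ru dport=443 proto=tcp",
]


def find_exfil(lines, cfg: dict) -> list:
    """Return the log lines whose destination host and port match the config.
    Host alone is too broad (mail.ru is a legitimate provider); host plus the
    configured port plus an unexpected source process is the useful signal."""
    hits = []
    for line in lines:
        kv = dict(re.findall(r"(\w+)=([^=]+?)(?=\s\w+=|$)", line))
        same_host = kv.get("dst", "").lower() == cfg["host"].lower()
        same_port = int(kv.get("dport", 0)) == cfg["port"]
        if same_host and same_port:
            hits.append(line)
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for hit in find_exfil(LOG_LINES, cfg):
        print("exfil candidate:", hit)
```

Beyond blocking `smtp.mail.ru:587` outbound from hosts that have no business sending mail directly, the username is worth reporting to the provider: the attacker's drop mailbox is a single point of failure for this campaign's collection.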
Targets
-
Target
Maxima Trading - Products List.exe
-
Size
695KB
-
MD5
f7458aa5319364b9ab0f3ab279c30e5a
-
SHA1
b5cb9eb85241e5eec2f406837616aba9f1f89520
-
SHA256
b326e71388c8abfb8e0e74aa913863af33e3299ad79fa42dd2d3e4c44e63da2a
-
SHA512
4739a0f529d0dab266ae04bb3bde702c0a55aee263c8b146a495836840944acf217640e07d7e375d06af84e04273e5846843510cfd277e606a0cdbcf53c8a2dd
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic (.NET); it harvests credentials from browsers and mail clients and exfiltrates them over SMTP, FTP or HTTP, here via the SMTP account in the extracted config.
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds its payload as a Bitmap object; the pixel data is read back and decrypted at runtime to recover the payload.
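The report says only that the packer stores its payload as a Bitmap that is decrypted later; it does not describe the pixel layout or the cipher. The Python below is an added example, not CoreEntity's own code, showing the general technique an extractor has to undo when pulling such a payload out of a dumped .NET resource: locate `BM` headers, parse the DIB header, walk the rows in the right order (BMP stores rows bottom-up and pads each row to 4 bytes), strip the padding, and decrypt. The 3-bytes-per-pixel packing, the 4-byte length prefix and the single-byte XOR are assumptions standing in for the real packer's scheme; `pack_bitmap` exists only so the example can build its own test input offline.

```python
"""Recover a payload stored as pixel data in a 24-bit BMP. Added example, not
CoreEntity's code: pixel layout, length prefix and XOR key are assumptions."""
import struct


def pack_bitmap(payload: bytes, width: int = 15, key: int = 0x5A) -> bytes:
    """Build a minimal 24-bit BMP whose pixels carry len(payload) || payload,
    each byte XORed with `key`. width=15 gives a 45-byte row padded to 48, so
    the padding path is exercised. Rows are stored bottom-up as BMP requires."""
    data = struct.pack("<I", len(payload)) + payload
    data = bytes(b ^ key for b in data)
    row_bytes = width * 3
    rows = -(-len(data) // row_bytes)                    # ceil division
    data = data.ljust(rows * row_bytes, b"\0")
    pad = (4 - row_bytes % 4) % 4
    pixel_rows = [data[i * row_bytes:(i + 1) * row_bytes] + b"\0" * pad
                  for i in range(rows)]
    pixel_data = b"".join(reversed(pixel_rows))          # bottom-up storage
    offset = 14 + 40
    file_header = struct.pack("<2sIHHI", b"BM", offset + len(pixel_data), 0, 0, offset)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, rows, 1, 24, 0,
                              len(pixel_data), 2835, 2835, 0, 0)
    return file_header + info_header + pixel_data


def unpack_bitmap(bmp: bytes, key: int = 0x5A) -> bytes:
    """Parse the headers, walk rows top-to-bottom (honouring a negative height,
    which means top-down storage), drop row padding, XOR, and return the
    length-prefixed payload."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP")
    offset = struct.unpack_from("<I", bmp, 10)[0]
    width, height = struct.unpack_from("<ii", bmp, 18)
    bpp = struct.unpack_from("<H", bmp, 28)[0]
    if bpp != 24:
        raise ValueError(f"unsupported bpp {bpp}")
    row_bytes = width * 3
    stride = (row_bytes + 3) & ~3                        # rows padded to 4 bytes
    rows = abs(height)
    order = range(rows) if height < 0 else range(rows - 1, -1, -1)
    raw = b"".join(bmp[offset + r * stride: offset + r * stride + row_bytes]
                   for r in order)
    plain = bytes(b ^ key for b in raw)
    n = struct.unpack_from("<I", plain, 0)[0]
    if n > len(plain) - 4:
        raise ValueError("length prefix exceeds pixel data")
    return plain[4:4 + n]


def carve_bitmaps(blob: bytes):
    """Yield (offset, bmp_bytes) for every 'BM' header whose declared file size
    fits inside `blob`: a cheap way to pull candidate bitmaps out of a dumped
    resource section before trying to unpack each one."""
    pos = blob.find(b"BM")
    while pos != -1:
        if pos + 14 <= len(blob):
            size = struct.unpack_from("<I", blob, pos + 2)[0]
            if 54 <= size <= len(blob) - pos:
                yield pos, blob[pos:pos + size]
        pos = blob.find(b"BM", pos + 1)


if __name__ == "__main__":
    demo = pack_bitmap(b"MZ\x90\x00fake-payload-for-demo")
    blob = b"junk" * 7 + demo + b"\0" * 9                # constructed resource dump
    for off, bmp in carve_bitmaps(blob):
        print(f"bitmap at {off}: payload {unpack_bitmap(bmp)[:4]!r}...")
```

Against a real sample the XOR stand-in is replaced by whatever the packer's decompiled resource loader does; the bitmap parsing, row ordering and padding handling are the parts that stay the same, and getting them wrong yields a payload that looks almost right but fails to load.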
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext (a common indicator of process hollowing, where a packer writes its payload into a suspended process and redirects the main thread to it)
-