f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14

General

Target: f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14
Size: 463KB
Sample: 220521-xhzapsbgf4
Score: 10/10
MD5: 50f922cbe8b8e426906c0975945f3da8
SHA1: 84fe0d182c9e362763fca61948e98de49e1bb6f1
SHA256: f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14
SHA512: d3eb19fd199bbd9d33b8b84f771ed6a5f68c8e99c95baeef5185c2f20d3d63ef113e9fd19cf9b2e5def73bc1781b6e50eecf105c6b81b684ab13caa0852f8feb

Malware Config

Extracted
Family: agenttesla

Credentials
Protocol: smtp
Host: mail.hotel71.com.bd
Port: 587
Username: chat@hotel71.com.bd
Password: 9+^va&phP1v9

Targets

Target: duk (3).exe
MD5: 04b191c4242a98c5b14ed1de9c61ef8c
Filesize: 511KB
Score: 10/10
SHA1: 4c4fafb67933eb18100acdc76128f42dc9a9525f
SHA256: bbfd3959ef22e9fa18ed11cbc9b8f31ac36e86f0d055d2c57b81ee19f9c54175
SHA512: c613ece1002132dfacf60eb41a0d1910e3e3c314db9b53f13b9e9eb34c4db9553538f3fc12f22c3ddf5ca705a53f64517783b292c240c20ec0d002a8e202144b

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • CoreEntity .NET Packer
    Description: CoreEntity is a .NET packer that embeds its payload as a BitMap object, which is later decrypted.

  • SnakeBOT
    Description: SnakeBOT is a heavily obfuscated .NET downloader.

  • AgentTesla Payload

  • Contains SnakeBOT related strings

  • ReZer0 packer
    Description: Detects ReZer0, a packer with multiple versions used in various campaigns.

  • Disables Task Manager via registry modification

  • Drops file in Drivers directory

  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation