General
Target: f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14
Size: 463KB
Sample: 220521-xhzapsbgf4
MD5: 50f922cbe8b8e426906c0975945f3da8
SHA1: 84fe0d182c9e362763fca61948e98de49e1bb6f1
SHA256: f634a9d7eaeb9dcdefff98bfe6a850190c16dd9ab8a2e50fee3fa5acf5757a14
SHA512: d3eb19fd199bbd9d33b8b84f771ed6a5f68c8e99c95baeef5185c2f20d3d63ef113e9fd19cf9b2e5def73bc1781b6e50eecf105c6b81b684ab13caa0852f8feb
Behavioral task: behavioral1
Sample: duk (3).exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hotel71.com.bd
Port: 587
Username: chat@hotel71.com.bd
Password: 9+^va&phP1v9
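The extracted configuration is what an analyst turns into blocklist and hunting indicators. The parser below is an added example (not sandbox code): it takes the flattened "Key: value - Key: value" form in which this report renders the config, copied here verbatim as a constructed input string, and returns the SMTP exfiltration endpoint and account as structured fields. The separator handling is an assumption about the report layout: fields are joined with " - " and the first one is glued as "smtp-", so a trailing "-" is stripped from each value.

```python
"""Parse a flattened AgentTesla extracted-config block into indicators.

Added example for this report; not tooling from the sandbox or the malware.
RAW_CONFIG is the config text of this report copied as a constructed input.
"""
import re
from typing import Dict, Tuple

RAW_CONFIG = """Protocol: smtp- Host:
mail.hotel71.com.bd - Port:
587 - Username:
chat@hotel71.com.bd - Password:
9+^va&phP1v9"""

# Field names the report uses for an SMTP-based AgentTesla config.
KEY_RE = re.compile(r"(Protocol|Host|Port|Username|Password):")
# Report layout assumption: values are followed by a " - " separator
# (glued as "smtp-" on the first field). A secret that itself ends in "-"
# would lose that character; acceptable for a hunting parser, so it is noted.
TRAILING_SEP = re.compile(r"\s*-\s*$")


def parse_extracted_config(raw: str) -> Dict[str, str]:
    """Return {'protocol': ..., 'host': ..., 'port': ..., 'username': ..., 'password': ...}."""
    flat = " ".join(line.strip() for line in raw.splitlines())
    parts = KEY_RE.split(flat)          # ['', 'Protocol', ' smtp- ', 'Host', ...]
    cfg: Dict[str, str] = {}
    for key, value in zip(parts[1::2], parts[2::2]):
        cfg[key.lower()] = TRAILING_SEP.sub("", value.strip())
    missing = {"protocol", "host", "port", "username", "password"} - cfg.keys()
    if missing:
        raise ValueError(f"incomplete config, missing: {sorted(missing)}")
    return cfg


def exfil_endpoint(cfg: Dict[str, str]) -> Tuple[str, int]:
    """Network indicator: the (host, port) pair the sample sends stolen data to."""
    if cfg["protocol"].lower() != "smtp":
        raise ValueError(f"expected an smtp config, got {cfg['protocol']!r}")
    port = int(cfg["port"])
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return cfg["host"], port


def hunting_indicators(cfg: Dict[str, str]) -> Dict[str, str]:
    """Indicators safe to share with a SOC: the endpoint and the sender account, never the password."""
    host, port = exfil_endpoint(cfg)
    return {
        "smtp_host": host,
        "smtp_port": str(port),
        "smtp_account": cfg["username"],
        "mail_domain": cfg["username"].rsplit("@", 1)[-1],
    }


if __name__ == "__main__":
    parsed = parse_extracted_config(RAW_CONFIG)
    for k, v in hunting_indicators(parsed).items():
        print(f"{k}: {v}")
```

Port 587 is the SMTP submission port, so the sample authenticates as the listed mailbox and sends stolen credentials as outbound mail; egress alerts should key on the host and the account, and the recovered password belongs in the abuse report to the mail provider, not in a shared indicator list.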
Targets
Target: duk (3).exe
Size: 511KB
MD5: 04b191c4242a98c5b14ed1de9c61ef8c
SHA1: 4c4fafb67933eb18100acdc76128f42dc9a9525f
SHA256: bbfd3959ef22e9fa18ed11cbc9b8f31ac36e86f0d055d2c57b81ee19f9c54175
SHA512: c613ece1002132dfacf60eb41a0d1910e3e3c314db9b53f13b9e9eb34c4db9553538f3fc12f22c3ddf5ca705a53f64517783b292c240c20ec0d002a8e202144b
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; the configuration extracted from this sample shows it exfiltrating stolen data over SMTP to the listed mailbox.

CoreEntity .NET Packer
A .NET packer known as CoreEntity, which stores the payload as an embedded Bitmap object and decrypts it at runtime before handing control to the AgentTesla payload.
- AgentTesla Payload
- Contains SnakeBOT related strings
- Disables Task Manager via registry modification (the DisableTaskMgr policy value under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System)
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (credential harvesting from stored mail account profiles)
- Suspicious use of SetThreadContext (the thread-context rewrite used in process hollowing, where a payload is written into a suspended process before it is resumed)
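Two of the signatures above, the Task Manager policy write and the SetThreadContext use, map directly onto API-trace detections. The code below is an added example (not the sandbox's own signature logic) that runs both checks over a constructed per-process API trace; the trace format, the pids and the argument names (`new_pid`, `target_pid`, `flags`) are assumptions made for the example, and a benign SetThreadContext call with no suspended child is included to show that the hollowing check keys on the full sequence, not the single API.

```python
"""Detection logic for two behaviours listed in this report, run over a
constructed API trace. Added example; not sandbox code and not the malware's.

Trace shape (assumed): (pid, api_name, args_dict). ResumeThread in a real
trace takes a thread handle; here it carries the target pid for brevity.
"""
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004                       # CreateProcess creation flag
POLICY_KEY_SUFFIX = r"\Policies\System"             # HKCU\...\CurrentVersion\Policies\System

# Constructed trace: pid 1234 writes the policy, hollows a suspended child
# (pid 1300); pid 2000 calls SetThreadContext on itself (benign: debugger-like).
TRACE: List[Tuple[int, str, Dict]] = [
    (1234, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
                              "value": "DisableTaskMgr", "data": 1}),
    (1234, "CreateProcessW", {"image": r"C:\Users\user\duk (3).exe",
                              "flags": CREATE_SUSPENDED, "new_pid": 1300}),
    (1234, "NtUnmapViewOfSection", {"target_pid": 1300}),
    (1234, "WriteProcessMemory", {"target_pid": 1300}),
    (1234, "SetThreadContext", {"target_pid": 1300}),
    (1234, "ResumeThread", {"target_pid": 1300}),
    (2000, "SetThreadContext", {"target_pid": 2000}),
]


def detect_taskmgr_disable(trace) -> List[int]:
    """Pids that set a non-zero DisableTaskMgr under a ...\\Policies\\System key."""
    hits = []
    for pid, api, args in trace:
        if (api in ("RegSetValueExW", "RegSetValueExA")
                and args.get("value") == "DisableTaskMgr"
                and args.get("key", "").endswith(POLICY_KEY_SUFFIX)
                and args.get("data") not in (0, None)):
            hits.append(pid)
    return hits


def detect_process_hollowing(trace) -> List[Tuple[int, int]]:
    """(parent_pid, child_pid) pairs where a suspended child had its memory
    written and thread context replaced before being resumed."""
    pending: Dict[Tuple[int, int], set] = {}   # suspended children not yet resumed
    hits = []
    for pid, api, args in trace:
        if api in ("CreateProcessW", "CreateProcessA") and args.get("flags", 0) & CREATE_SUSPENDED:
            pending[(pid, args["new_pid"])] = set()
            continue
        key = (pid, args.get("target_pid"))
        if key not in pending:
            continue                            # not acting on a suspended child
        if api == "ResumeThread":
            seen = pending.pop(key)
            if {"WriteProcessMemory", "SetThreadContext"} <= seen:
                hits.append(key)
        elif api in ("WriteProcessMemory", "SetThreadContext", "NtUnmapViewOfSection"):
            pending[key].add(api)
    return hits


if __name__ == "__main__":
    print("DisableTaskMgr writers:", detect_taskmgr_disable(TRACE))
    print("process hollowing:", detect_process_hollowing(TRACE))
```

The hollowing rule deliberately waits for ResumeThread: WriteProcessMemory and SetThreadContext on a suspended child are the two steps that distinguish hollowing from a plain suspended start, and a child that is never resumed never runs the injected payload.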