General
- Target: 3ff584e04fd6e89be210bbe78735f59e27e2b374294ef5682598f0b3454ff6fe
- Size: 390KB
- Sample: 220521-xjaczabgh2
- MD5: 6d9502660720cc2bd4bceef19be55f6e
- SHA1: 8a180788b066018a899cfabf9864856037ee4ee2
- SHA256: 3ff584e04fd6e89be210bbe78735f59e27e2b374294ef5682598f0b3454ff6fe
- SHA512: 7d2205fa24484aca19e60084e8f7708de9aae504abb4a084b9c42e660c36238155b1874d68c944f1fea93e2afdfa39d9bd268d8570551b648a8088f6a40b8007
Static task: static1
Behavioral task: behavioral1
- Sample: PO 28602....A6hBbL7xL4Jle4w.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PO 28602....A6hBbL7xL4Jle4w.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: logs2020@gtbenk-plc.com
- Password: mkoify147@@@
Targets
- Target: PO 28602....A6hBbL7xL4Jle4w.exe
- Size: 444KB
- MD5: 82c88bfa469dbc588304b5f8787fef8f
- SHA1: d1bd337791addb1151c5369b5d2922d2e30524ea
- SHA256: 5eabdc9b1c948d59d99a9a19e6007c36b3fc7bb21dbcb654e73f64a20d6a6aec
- SHA512: 7e415174d2ffe8f5925778ab59212cd52746a673dbba2d53b7538615bb103aa11ec17acbb8ce6a4c910d8d46e194f75a98c43f50095290995fc1c684dd97e53e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- CoreCCC Packer
  Detects the CoreCCC packer used to load .NET malware.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext