General

  • Target

    wentra.rar

  • Size

    11.3MB

  • MD5

    63eeb2449e6cb1e9896002f19064bb25

  • SHA1

    2f863b7843cc900d53edf911a8efb76be847bfea

  • SHA256

    8ddabb3123e9ce339e10e3a37e583be80b790b415bd81f28ec960e0741fb2784

  • SHA512

    d8a4411128fa69ebb3f57c43f4fb4791a8f39e374c8c57b8d0cafd68848e592c50f463f04cf158df5eeba9dfa0710a937a1542691ad75a45199f578dea8c1ef4

  • SSDEEP

    196608:woVbd8yDhv/3oSowudnYeJetj+B5IgxKo1/resVDdDlbH+riHqy5+Pm4ofn51:wkFaRbYHCMK31DZVBDlbHwYU6nX

Score
10/10

Malware Config

Signatures

  • AgentTesla payload 1 IoCs
  • Agenttesla family
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • wentra.rar
    .rar

    Password: lariosunboklugotu

  • wentra/Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86

    Password: lariosunboklugotu

    dae02f32a21e03ce65412f6e56942daa



  • wentra/Spoofer.dll
    .exe windows:4 windows x86 arch:x86

    Password: lariosunboklugotu

    f34d5f2d4577ed6d9ceec516c1f5a744



  • wentra/Spoofer.runtimeconfig.json
  • wentra/alperenxrq.exe
    .exe windows:6 windows x64 arch:x64

    Password: lariosunboklugotu

    9704a37628b9b8b45db57d9a53af129e



  • wentra/runtimes/win/lib/net6.0/System.Management.dll
    .dll windows:4 windows x86 arch:x86

    Password: lariosunboklugotu

    dae02f32a21e03ce65412f6e56942daa

