General
Target: 83d78aa86ace8c2cc6bf0bfab8f61ec4a41fe2c4b67831e452b4acf590018a3a
Size: 400KB
Sample: 220520-3ccgmsgfb7
MD5: 7037ddc7b5eba5af6c4f31a2ee3e95f5
SHA1: dcb5bfae7cd3769d657dc8c597df0a0d7747ac92
SHA256: 83d78aa86ace8c2cc6bf0bfab8f61ec4a41fe2c4b67831e452b4acf590018a3a
SHA512: dc3b8ea8b7949416b020f41aa3f4789b75498ae829e4aa6959e06c751d9ee3fd53ac5b513944db3274796e5ecf09ee39855e4d9abc397ff75ae0393f6673b5a4
Static task: static1
Behavioral task: behavioral1
Sample: PO_Aero_ supplies_Systems_Engineering_Pte_Ltd.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO_Aero_ supplies_Systems_Engineering_Pte_Ltd.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.kohinoorribbon.com
Port: 587
Username: [email protected]
Password: ashu@1976
Targets
Target: PO_Aero_ supplies_Systems_Engineering_Pte_Ltd.exe
Size: 438KB
MD5: 6609dff2ba2a86c81636ccf031f3696a
SHA1: 3fa94ca8802401c0b56a5844d0a541a6e7511586
SHA256: 5092d9ebc85e835f7ef16d20b935cf58cc52715c0cfdb88a2723d3a34f9b1526
SHA512: e7b3c4b42befeee64ce8939798cc4d249e5d54e395797edd82f4a9fc3b9c24eee93f7bcce6761c91af250b44074171e7da144bb07ce16f70d9f10c7abf7fd731
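The report gives two kinds of indicator an analyst can act on: the file hashes of the submitted target and of the dropped executable, and the SMTP mailbox in the extracted Agent Tesla config. The script below is an added example written for this page (it is not code from the sandbox, the report author or the malware) that checks a file against the published SHA256 values and hunts connection logs for the exfiltration host. Hash values and the host/port are copied from the tables above; the file blob, the Zeek-style log lines and the relay allowlist (`smtp.office365.com`) are constructed or assumed sample input so it runs offline. It generalises one step beyond the report: besides the exact host match it also flags any mail-submission traffic from a workstation to a relay not on the allowlist, since a variant can be rebuilt with a different mailbox.

```python
"""Apply the indicators from this report to local telemetry.

Added example for this page, not code from the sandbox or the malware.
The hashes and the SMTP host/port are copied from the report tables; the
file blob, connection-log lines and relay allowlist are constructed or
assumed sample input so the script runs offline.
"""
import hashlib

# Sample hashes published in the report, keyed by what the report calls them.
REPORT_SHA256 = {
    "83d78aa86ace8c2cc6bf0bfab8f61ec4a41fe2c4b67831e452b4acf590018a3a":
        "submitted target (400KB)",
    "5092d9ebc85e835f7ef16d20b935cf58cc52715c0cfdb88a2723d3a34f9b1526":
        "PO_Aero_ supplies_Systems_Engineering_Pte_Ltd.exe (438KB)",
}

# Exfiltration mailbox from the extracted Agent Tesla config.
C2_SMTP_HOST = "mail.kohinoorribbon.com"
C2_SMTP_PORT = 587

# Assumed: the only relays workstations are expected to submit mail to.
ALLOWED_RELAYS = {"smtp.office365.com"}
SUBMISSION_PORTS = {25, 465, 587}


def digests(data):
    """All four digests the report publishes, so any one can be compared."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def identify(data):
    """Name of the report entry whose SHA256 matches `data`, or None."""
    return REPORT_SHA256.get(digests(data)["sha256"])


# Constructed Zeek-style conn records: ts src sport dst dport proto service
SAMPLE_CONN_LOG = """\
1653000001.1 10.0.0.5 49812 mail.kohinoorribbon.com 587 tcp smtp
1653000002.3 10.0.0.5 49813 update.microsoft.com 443 tcp ssl
1653000003.7 10.0.0.9 51002 mail.kohinoorribbon.com 25 tcp smtp
1653000004.0 10.0.0.7 50221 smtp.office365.com 587 tcp smtp
1653000005.2 10.0.0.8 50333 203.0.113.10 465 tcp ssl
this line is malformed and must be skipped
"""


def parse_conn_log(text):
    """Yield well-formed records; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue
        try:
            yield {"src": f[1], "dst": f[3].lower(), "dport": int(f[4])}
        except ValueError:
            continue


def classify(rec):
    """'ioc' on the extracted C2 host (any port, since a variant may change
    the port), 'suspicious' for mail submission to a non-allowlisted relay,
    else None."""
    if rec["dst"] == C2_SMTP_HOST:
        return "ioc"
    if rec["dport"] in SUBMISSION_PORTS and rec["dst"] not in ALLOWED_RELAYS:
        return "suspicious"
    return None


def hunt(text):
    """Return [(verdict, src, dst, dport)] for every flagged record."""
    out = []
    for rec in parse_conn_log(text):
        verdict = classify(rec)
        if verdict:
            out.append((verdict, rec["src"], rec["dst"], rec["dport"]))
    return out


if __name__ == "__main__":
    print("constructed blob matches report entry:", identify(b"not the real sample"))
    for verdict, src, dst, dport in hunt(SAMPLE_CONN_LOG):
        note = " (port differs from config)" if verdict == "ioc" and dport != C2_SMTP_PORT else ""
        print(f"{verdict:10} {src} -> {dst}:{dport}{note}")
```

`identify` returns None for the constructed blob, as it should for anything but the real sample; on the sample log it reports the two connections to the extracted host (one of them on port 25, which an exact host+port rule would miss) and the submission to 203.0.113.10 that no IOC covers. Run it against a real file and real conn logs by swapping the constructed inputs.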
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer written in Visual Basic; the SMTP account in the extracted config above is the mailbox it sends stolen data to.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is the usual last step of process hollowing (start a child suspended, replace its image, point its thread at the injected code); the signature flags the call itself, not a confirmed injection.