General
-
Target
724ac83cc67efd3850f7085f5363c96a1af7c3879c90ac9db57520378688d85d
-
Size
415KB
-
Sample
220521-amka1saea6
-
MD5
529cd26f2f6d1377c532a4a16e349245
-
SHA1
95a3f481b4cdbc645152de225be351b47c4e175f
-
SHA256
724ac83cc67efd3850f7085f5363c96a1af7c3879c90ac9db57520378688d85d
-
SHA512
561da4413337fac5f2ea398e87d7e8f1ba13ae4801998d891048d26f31e1ec6cf41555e8a62a8c1b7d4c83f609bb2c1ed2b70da5019def370a3f7ef307a5ab7a
Static task
static1
Behavioral task
behavioral1
Sample
PO_Aero supplies Systems Engineering Pte Ltd.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO_Aero supplies Systems Engineering Pte Ltd.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.kohinoorribbon.com - Port:
587 - Username:
[email protected] - Password:
ashu@1976
Targets
-
-
Target
PO_Aero supplies Systems Engineering Pte Ltd.exe
-
Size
511KB
-
MD5
b3b136655b12f24f7aa83776926bfae5
-
SHA1
4b2ac4a8c4bbfdfbb6eada44ad656d67c9492bf3
-
SHA256
841b4bfaf0f0ebfaca4f6700741f7139057e39e7ab4c81537ff7ed57173c1d7f
-
SHA512
e96f76b3abccdee905ff5a9372750746727a11753f55069c49c752377386abf47cb1e123c3a630f961ddffba9ec3867d765c6477a4c25023796dc4110b3c6c2b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-