General
Target: c27d32dd7974d1865957d1cff9045b93686baa623479f49cc5512ec6ebbf4ee2
Size: 1.4MB
Sample: 220521-b1cnrsfhar
MD5: 80bc0e665607f782399a4c9eebb0b73d
SHA1: 3ae171aa58fc36e265b767b699cb510e49feeb87
SHA256: c27d32dd7974d1865957d1cff9045b93686baa623479f49cc5512ec6ebbf4ee2
SHA512: a795e785eb3aa32586d98afa2d41a6c057f55b5de756459a2b8aa8fa0294e0eba1548b26491875929003c3bd67f861a16e46816db154fc6518f71c476bb09cab
Static task
static1

Behavioral task
behavioral1
Sample: PO_OK120.scr
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: PO_OK120.scr
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: PO_OK120.SCR
Size: 819KB
MD5: a3da0503d87038ca6e6c02e56060ce3d
SHA1: b8c583973286d94a590e3d70fc41b76fbf854994
SHA256: ac5a853fbf0899cb5f628c1dfe1c153a13748c16fe009f5448d15a2fabcc8b65
SHA512: 33e87fd19ebcaee7d4f521c55cecb5ba0c897d5ad327b46d47bb436fc4703b191024528b72283de07c10a0ca315a2e04a886b69a4cc6d2c3ed6e5cc6cd2e3e61
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.