General
Target: 3b5300bcec026d4c17298a74342552eac5a8b1a6c27ad21649b392b67e436b97
Size: 1.4MB
Sample: 220521-b2a7bsfhep
MD5: 4f74f00ab9582f1a14996d74628f263c
SHA1: 18df83383cce0f4c41d7cdfa0c9ed02290a0dce4
SHA256: 3b5300bcec026d4c17298a74342552eac5a8b1a6c27ad21649b392b67e436b97
SHA512: 4daee7d8df3772d4e909eaf0d98a40415a8a396eabb8b43348be8080b2921c64a26a7cbe87b4b720b6ed9c4470bf8dc31d2ed4f1baad7600e50c2a6c06ad43ef
Static task: static1
Behavioral task: behavioral1
  Sample: PO_KIS10.scr
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO_KIS10.scr
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: moneyman147
Targets
Target: PO_KIS10.SCR
Size: 826KB
MD5: 8d6e3d7db41eb59119d7e3d215be221f
SHA1: 5fd08c7e2719c60bf2c438c81beb5dd891a66e6d
SHA256: a9c6ebe45d33c431aa47b65571cb8d4d0d56d439cea807aa603c744cf4105a1f
SHA512: b13b36fdf67448188d196df3bdd93ae6d2afcd3a6cbdab76a77b1bbc7f1725ebfb48d429b75ea2a3f6bd9bd73b50a8a400309dc4417b49a136ba6fc93499a766
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles