General
Target: 1ee09b56eb363f46b95737856b82a8fd297c1e488042dd6c1f813cdb616a894e
Size: 444KB
Sample: 220521-bxqq8acfc9
MD5: e59019a07c32f9bbcf869bfbd178188b
SHA1: 62728ed2b47aafc30543ef0bca38aee7b0bddf55
SHA256: 1ee09b56eb363f46b95737856b82a8fd297c1e488042dd6c1f813cdb616a894e
SHA512: f39f5ea8d5c2342021032e13988064eaa90cdeb89ff6cd51a16dcd95098d7153f001b824d4a101da544bef9b59310a9b8d1f8e48f600f2361003a897874c7995
Static task: static1
Behavioral task: behavioral1
Sample: NPK 202020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: NPK 202020.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: NPK 202020.exe
Size: 816KB
MD5: 94c64da42cec451a2bd9c6e30d366fa8
SHA1: ae5ad76d977bedfaa76632fa32d5678c212daa96
SHA256: 40b64f01b9da5a5fdafaeae7226eb911ec29c6ecddd24aae32465f0c3b97fac5
SHA512: 97754440f8ad88d4bc02e57f921461a62176825f615cffbc6ffd35c29404e4301a142e4e4399c835c370e47563c240205ca8985a8f1ef6de1df43dea19dcf86a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity, which embeds the payload as a Bitmap object that is later decrypted.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-