General
Target: c7ffd5bb2b4cb924adf4cfe2767399b63f593267cfa92428b5ebe701e24330db
Size: 1.3MB
Sample: 220521-bz9xwafhan
MD5: 794adc8dbb6ad1e18f74361132d56c4e
SHA1: a4f8ffd9aaff1e8311823f982775ab3bde887eab
SHA256: c7ffd5bb2b4cb924adf4cfe2767399b63f593267cfa92428b5ebe701e24330db
SHA512: f3366e43f19ba76e7a85078d1154e65e4b7a88425ba0467fb2487e9de2233293601bd31a511fce8132060a85b8bbe6285a1d26ec62f7f0e334532426ba1da464
Static task: static1
Behavioral task: behavioral1
Sample: PO_EAS20.scr
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO_EAS20.scr
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: PO_EAS20.SCR
Size: 811KB
MD5: 76fc894d97a27187c25f2044a41f7320
SHA1: d0a55d34a29b4af20f73655f8742a150c65fea48
SHA256: dc0ee2896b9e30407a4edba7bdb3d7660079e343bb9652793a2e97c52f25a660
SHA512: 32bdb9096bf4e2511d83819c0578bf4c57e46a4336c1ec86b107d6716d0b04acda81d3632a9424efa35e89d99eb90e475c6b6dcdb4e54ae5f9993ad6430d0bfb
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles