General
Target: f22dd9c2dfe6126ba471420ea6063b28e2fdce4def23429f79e73444f70ee12c
Size: 399KB
Sample: 220521-camlqadec8
MD5: fea5433b3c68393fd8253731ccd2f337
SHA1: 94dad1e29f7b940341a8e75458cf0bb543b0e4b0
SHA256: f22dd9c2dfe6126ba471420ea6063b28e2fdce4def23429f79e73444f70ee12c
SHA512: 60b4f6f9acc336eb41766e9a36eb5f31a6756f3096597b003e314ddeb3fc3b4d6cf553d8311f6ecdc31e067535d41f8fc85def9c6c627dcdb3d2569b0e374a09
Static task: static1
Behavioral task: behavioral1 (sample cBf0PkxZb3kS9Bx.exe, resource win7-20220414-en)
Behavioral task: behavioral2 (sample cBf0PkxZb3kS9Bx.exe, resource win10v2004-20220414-en)
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: mail.islandkingpools.com
Port: 587
Username: accounts@islandkingpools.com
Password: Accounts$678
Extracted
Protocol: smtp
Host: mail.islandkingpools.com
Port: 587
Username: accounts@islandkingpools.com
Password: Accounts$678
Targets
Target: cBf0PkxZb3kS9Bx.exe
Size: 422KB
MD5: 93639ef704591922ece2926cc3b9444d
SHA1: 5c03a25f44aca6b0dbfb9f1edb4c4f9b6b52f94a
SHA256: b69b060cf9fec8a233ad129cc75eaaa1c439ba29dd5256a90df085ff34c47ee9
SHA512: fc2dbb5cef08c5679f6929b9812c6a4cf649c7a88e6217e4ee89f1ada75a78c68287ab9234b3b6e23d5bd529f24bd72ebca56b8daa2eff003625786cda7fec45
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET. It harvests stored credentials and exfiltrates them over channels such as SMTP; the mail.islandkingpools.com account in the extracted configuration is the exfiltration mailbox for this sample.
CoreEntity .NET Packer
A .NET packer known as CoreEntity. It embeds the payload inside a Bitmap object and decrypts it at runtime before loading it, so static scanning of the packer sees only image data rather than the Agent Tesla binary.
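The Bitmap-embedded payload described above, as an added worked example that is not CoreEntity's code or part of the report: a Python script that builds a constructed 32 bpp BMP container, stores a length-prefixed fake PE in its pixel array XORed with a single byte, then recovers the key and payload by parsing the BMP headers and searching the pixel data for a decoded MZ/PE signature. The container layout, the single-byte XOR, the length prefix and the XOR_KEY value are assumptions for this example; the report only states that the payload is embedded as a Bitmap and decrypted later.

```python
import struct
from typing import Optional, Tuple

XOR_KEY = 0x5A      # assumed single-byte key for the constructed sample
PIXEL_WIDTH = 16    # arbitrary width for the constructed container


def fake_pe() -> bytes:
    """Constructed stand-in for the packed payload: a DOS header whose e_lfanew
    points at a 'PE\\0\\0' signature, followed by filler. Not a real executable."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = (0x80).to_bytes(4, "little")
    return bytes(dos) + b"PE\0\0" + b"\x4c\x01" + b"payload body\x00" * 5


def build_bmp(pixel_bytes: bytes, width: int) -> bytes:
    """Wrap raw bytes in a minimal 32 bpp BMP (constructed packer container).
    32 bpp rows need no padding, so the blob stays contiguous in the pixel array."""
    height = -(-len(pixel_bytes) // (width * 4))           # ceil division
    padded = pixel_bytes.ljust(width * height * 4, b"\x00")
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 32, 0,
                      len(padded), 2835, 2835, 0, 0)
    file_size = 14 + len(dib) + len(padded)
    header = struct.pack("<2sIHHI", b"BM", file_size, 0, 0, 14 + len(dib))
    return header + dib + padded


def pack(payload: bytes, key: int) -> bytes:
    """Assumed packer layout: 4-byte LE length, then payload, all XORed with one key."""
    blob = len(payload).to_bytes(4, "little") + payload
    return build_bmp(bytes(b ^ key for b in blob), PIXEL_WIDTH)


def pixel_data(bmp: bytes) -> bytes:
    """Parse the BMP file header and DIB header and return the raw pixel array."""
    magic, _, _, _, offset = struct.unpack_from("<2sIHHI", bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP file")
    _, width, height, _, bpp = struct.unpack_from("<IiiHH", bmp, 14)
    if bpp != 32:
        raise ValueError("this example only handles 32 bpp containers")
    return bmp[offset : offset + width * abs(height) * 4]


def find_xor_key(data: bytes) -> Optional[int]:
    """Recover a single-byte XOR key: for each candidate, check that the bytes after
    the length prefix decode to 'MZ' and that e_lfanew points at 'PE\\0\\0'."""
    base = 4                                   # skip the assumed length prefix
    if len(data) < base + 0x40:
        return None
    for key in range(256):
        if data[base] ^ key != 0x4D or data[base + 1] ^ key != 0x5A:
            continue
        e_lfanew = int.from_bytes(
            bytes(b ^ key for b in data[base + 0x3C : base + 0x40]), "little")
        sig_at = base + e_lfanew
        if sig_at + 4 <= len(data) and \
                bytes(b ^ key for b in data[sig_at : sig_at + 4]) == b"PE\0\0":
            return key
    return None


def extract_payload(bmp: bytes) -> Tuple[int, bytes]:
    """Return (key, payload) for a container built with the assumed layout."""
    data = pixel_data(bmp)
    key = find_xor_key(data)
    if key is None:
        raise ValueError("no XOR-encoded PE header found in pixel data")
    plain = bytes(b ^ key for b in data)
    length = int.from_bytes(plain[:4], "little")
    if length > len(plain) - 4:
        raise ValueError("length prefix exceeds pixel data")
    return key, plain[4 : 4 + length]


# Constructed sample container standing in for the packer's Bitmap resource.
SAMPLE_BMP = pack(fake_pe(), XOR_KEY)

if __name__ == "__main__":
    key, payload = extract_payload(SAMPLE_BMP)
    print(f"key=0x{key:02x} payload={len(payload)} bytes header={payload[:2]!r}")
```

Against a real CoreEntity sample you would dump the Bitmap resource from the .NET assembly and feed its raw bytes to extract_payload; if the key search finds nothing, the packer is using a different scheme (multi-byte key, pixel-channel reordering, or a real cipher) and the search step has to be adapted rather than trusted.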
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check so the payload can avoid running in excluded regions.
Accesses Microsoft Outlook profiles
Reads stored Outlook profile data, consistent with Agent Tesla harvesting mail client credentials.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is a common final step of process hollowing: the packer starts a process suspended, writes the decrypted payload into it, and redirects the thread's entry point before resuming it.
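As an added example tying the extracted configuration and the signature list together (constructed for this page, not part of the report or the sandbox's own signatures): a Python triage pass over a hand-built behavioural event trace that flags the four behaviours listed above. The event schema, process IDs, file path and the registry keys it matches (Control Panel\International\Geo\Nation for the locale lookup, Outlook\Profiles paths for Outlook) are assumptions; the C2 host and port come from the extracted configuration.

```python
from typing import Dict, List, Tuple

# Indicators taken from the extracted Agent Tesla configuration above.
C2_HOST = "mail.islandkingpools.com"
C2_PORT = 587

# Registry locations this example treats as matches (assumptions; the report
# names the behaviours, not the exact keys).
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"
OUTLOOK_PROFILE_MARKERS = (
    r"\outlook\profiles",
    r"\windows messaging subsystem\profiles",
)

# Constructed sandbox events standing in for a behavioural trace; the PIDs,
# path and ordering are invented, not taken from the report.
EVENTS: List[Dict] = [
    {"type": "api", "pid": 1200, "api": "CreateProcessW",
     "args": {"image": r"C:\Users\Admin\AppData\Local\Temp\cBf0PkxZb3kS9Bx.exe",
              "flags": "CREATE_SUSPENDED", "child_pid": 1316}},
    {"type": "api", "pid": 1200, "api": "WriteProcessMemory", "args": {"target_pid": 1316}},
    {"type": "api", "pid": 1200, "api": "SetThreadContext", "args": {"target_pid": 1316}},
    {"type": "api", "pid": 1200, "api": "ResumeThread", "args": {"target_pid": 1316}},
    {"type": "registry", "pid": 1316, "op": "read",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "pid": 1316, "op": "read",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "registry", "pid": 1316, "op": "read",
     "key": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProductName"},
    {"type": "network", "pid": 1316, "op": "connect",
     "host": "mail.islandkingpools.com", "port": 587},
    {"type": "network", "pid": 1316, "op": "connect",
     "host": "ctldl.windowsupdate.com", "port": 80},
]


def detect_hollowing(events: List[Dict]) -> List[Tuple[int, int]]:
    """Flag (injector, target) pairs where a process creates a child suspended and
    later calls SetThreadContext on it: the process-hollowing sequence."""
    suspended = set()
    hits: List[Tuple[int, int]] = []
    for ev in events:
        if ev["type"] != "api":
            continue
        args = ev["args"]
        if ev["api"] == "CreateProcessW" and "CREATE_SUSPENDED" in args.get("flags", ""):
            suspended.add((ev["pid"], args["child_pid"]))
        elif ev["api"] == "SetThreadContext":
            pair = (ev["pid"], args["target_pid"])
            if pair in suspended and pair[0] != pair[1] and pair not in hits:
                hits.append(pair)
    return hits


def detect_geofence_check(events: List[Dict]) -> List[int]:
    """PIDs that read the configured country code from the registry."""
    return sorted({ev["pid"] for ev in events if ev["type"] == "registry"
                   and ev["key"].lower().endswith(GEO_KEY_SUFFIX)})


def detect_outlook_access(events: List[Dict]) -> List[int]:
    """PIDs that touch Outlook profile storage in the registry."""
    return sorted({ev["pid"] for ev in events if ev["type"] == "registry"
                   and any(m in ev["key"].lower() for m in OUTLOOK_PROFILE_MARKERS)})


def detect_c2(events: List[Dict]) -> List[Tuple[int, str, int]]:
    """Connections to the SMTP exfiltration host from the extracted config."""
    return [(ev["pid"], ev["host"], ev["port"]) for ev in events
            if ev["type"] == "network" and ev["host"].lower() == C2_HOST
            and ev["port"] == C2_PORT]


def triage(events: List[Dict]) -> Dict[str, object]:
    """Map each behaviour from the report to the evidence found in the trace."""
    return {
        "Suspicious use of SetThreadContext": detect_hollowing(events),
        "Checks computer location settings": detect_geofence_check(events),
        "Accesses Microsoft Outlook profiles": detect_outlook_access(events),
        "AgentTesla SMTP exfiltration": detect_c2(events),
    }


if __name__ == "__main__":
    for name, evidence in triage(EVENTS).items():
        print(f"{name}: {evidence}")
```

The hollowing check deliberately requires both the suspended CreateProcess and the cross-process SetThreadContext from the same injector; SetThreadContext alone also appears in debuggers and some legitimate instrumentation, which is why the report labels it "suspicious" rather than conclusive.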