General
Target: cad97f54cb53285a119d40cd8ab2cce6f9eaec65dff7701c0efe3241dac93f4d
Size: 445KB
Sample: 220521-ckr9yshafq
MD5: 4654ce8ad8de7d532dcc6d2c82b32e23
SHA1: c5b47fb03fcb6b622ef4c35229b6e3ca1218270a
SHA256: cad97f54cb53285a119d40cd8ab2cce6f9eaec65dff7701c0efe3241dac93f4d
SHA512: 8d18ac7980e03927ada2627ce545b4f60eca6a20aab6da54a9991903bab301e53ea7c7dab37f406b46d66ed4184ea2f1efddafc684b9fa80238b8a380dc24499
Static task: static1
Behavioral task: behavioral1
  Sample: PO-0805cn.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PO-0805cn.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.winhalltech.com
Port: 587
Username: [email protected]
Password: Hafizzul*010218
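The extracted SMTP settings are the most durable indicators on this page: the exfiltration mailbox host, port and login survive repacking of the sample. The following is an added example, not part of the sandbox report, showing how to turn the config text above into a matcher and run it over log records. The config string is quoted from the report (including its "smtp- Host:" spacing artifact); the JSON log records and their field names (ts, src, dst_host, dst_port, auth_user) are constructed for a hypothetical network sensor and are assumptions.

```python
"""Turn the report's extracted AgentTesla SMTP config into detection logic.

Added example, not part of the sandbox report. REPORT_CONFIG is quoted from
the report; SENSOR_LOG is constructed JSON-lines output of a hypothetical
network sensor (field names are assumptions).
"""
import json
import re

# Config block as it appears in the report; the "smtp- Host:" spacing is an
# extraction artifact the parser tolerates.
REPORT_CONFIG = """\
Protocol: smtp- Host:
mail.winhalltech.com - Port:
587 - Username:
[email protected] - Password:
Hafizzul*010218
"""

# Constructed sensor records: two from the same workstation talking to the
# exfil server (one on 587 with the login, one on 25 without), and one
# benign mail submission to an unrelated server.
SENSOR_LOG = "\n".join([
    json.dumps({"ts": "2022-05-21T08:20:11Z", "src": "10.0.0.23",
                "dst_host": "mail.winhalltech.com", "dst_port": 587,
                "auth_user": "[email protected]"}),
    json.dumps({"ts": "2022-05-21T08:20:12Z", "src": "10.0.0.45",
                "dst_host": "smtp.office365.com", "dst_port": 587,
                "auth_user": "[email protected]"}),
    json.dumps({"ts": "2022-05-21T08:21:03Z", "src": "10.0.0.23",
                "dst_host": "mail.winhalltech.com", "dst_port": 25,
                "auth_user": None}),
])


def parse_agenttesla_config(text):
    """Split 'Key: value - Key: value' config text into a dict.

    Newlines are folded to spaces first; fields are separated by a '-'
    followed by whitespace and the next 'Key:' token, so a '-' inside a
    value (a password, say) does not split it.
    """
    flat = " ".join(text.split())
    fields = re.split(r"\s*-\s+(?=[A-Za-z]+:)", flat)
    cfg = {}
    for field in fields:
        key, _, value = field.partition(":")
        cfg[key.strip().lower()] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def find_exfil_events(log_text, cfg):
    """Return sensor records that talk to the extracted exfil server.

    The destination host alone is enough to flag a record (the server is the
    stable indicator); matching port and SMTP auth user are recorded as
    additional evidence so an analyst can rank the hits.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if (rec.get("dst_host") or "").lower() != cfg["host"].lower():
            continue
        evidence = ["host"]
        if rec.get("dst_port") == cfg["port"]:
            evidence.append("port")
        if rec.get("auth_user") and rec["auth_user"] == cfg.get("username"):
            evidence.append("username")
        hits.append({"ts": rec["ts"], "src": rec["src"], "evidence": evidence})
    return hits


if __name__ == "__main__":
    config = parse_agenttesla_config(REPORT_CONFIG)
    for hit in find_exfil_events(SENSOR_LOG, config):
        print(hit)
```

The password is parsed but deliberately not used for matching: it is useful for takedown requests to the mail provider, not for detection, and should not be copied into detection content.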
Targets
Target: PO-0805cn.exe
Size: 554KB
MD5: 7a1f802d55cde20628b37dc2a4c88952
SHA1: 1c048b35e7857e7c2e6f3b5ddc45fc16c6cfd957
SHA256: cdf5e7899d662b3c5af2b8048bee28303ada03a878005812245cf2b6aa40bcec
SHA512: 42a0541f671d6cbd97372204e6afb37f909642265a2ba80f6d1637723763f984d506b0193d1cfdc5e97b6184e0a3ceb2ab3c8f358a05cc85f0aeb9a125a1621c
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic; it exfiltrates harvested credentials over channels such as SMTP, as the extracted config above shows.

CoreEntity .NET Packer
CoreEntity is a .NET packer that stores its payload inside an embedded Bitmap object and decrypts it at runtime before handing it off for execution.

AgentTesla Payload

Accesses Microsoft Outlook profiles
Consistent with Agent Tesla's harvesting of credentials stored by mail clients.

Suspicious use of SetThreadContext
SetThreadContext is commonly used to redirect the main thread of a suspended process into injected code (process hollowing), which is how packed .NET loaders typically run an unpacked payload.
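To make the "payload embedded as a Bitmap object" technique concrete, here is an added example that is not CoreEntity's code and makes no claim about its actual encryption: it builds its own 24-bit BMP whose pixel rows carry a single-byte-XOR'd stand-in PE image (a constructed header, not a real executable), then shows the two generic recovery steps an analyst performs on such a resource: pull the raw pixel bytes out of the bitmap (stripping row padding and undoing bottom-up storage) and brute-force the XOR key until an MZ header whose e_lfanew points at "PE\0\0" appears. The XOR key, image width and payload layout are all assumptions made for the demonstration.

```python
"""Carve a payload that a packer stored in the pixel data of a Bitmap.

Added example, not CoreEntity's code. The BMP, the XOR key and the
stand-in PE image are constructed here so the block runs offline.
"""
import struct

XOR_KEY = 0x5A  # assumed single-byte key for the constructed sample


def build_fake_pe(size=512):
    """Constructed stand-in for a PE payload: 'MZ', e_lfanew -> 'PE\\0\\0'."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)  # e_lfanew
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


def build_bmp(pixel_stream, width=10):
    """Constructed 24-bit bottom-up BMP whose image rows (top to bottom)
    carry pixel_stream. width=10 gives a 30-byte row, so each stored row
    gets 2 bytes of padding, which exercises the stride handling below."""
    row_bytes = width * 3
    padding = (4 - row_bytes % 4) % 4
    height = -(-len(pixel_stream) // row_bytes)  # ceil
    padded = pixel_stream.ljust(height * row_bytes, b"\x00")
    rows = [padded[i:i + row_bytes] + b"\x00" * padding
            for i in range(0, len(padded), row_bytes)]
    pixel_data = b"".join(reversed(rows))  # BMP stores the bottom row first
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixel_data), 2835, 2835, 0, 0)
    offset = 14 + len(info)
    file_hdr = struct.pack("<2sIHHI", b"BM", offset + len(pixel_data), 0, 0, offset)
    return file_hdr + info + pixel_data


def bmp_pixel_bytes(bmp):
    """Return the raw pixel bytes of an uncompressed BMP with row padding
    stripped, in top-to-bottom image order (bottom-up files are flipped)."""
    magic, _, _, _, offset = struct.unpack_from("<2sIHHI", bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP")
    _, width, height, _, bpp, compression = struct.unpack_from("<IiiHHI", bmp, 14)
    if compression != 0 or bpp not in (8, 24, 32):
        raise ValueError(f"unsupported BMP: bpp={bpp} compression={compression}")
    row_bytes = width * bpp // 8
    stride = (row_bytes + 3) & ~3  # rows are padded to 4-byte boundaries
    rows = [bmp[offset + r * stride: offset + r * stride + row_bytes]
            for r in range(abs(height))]
    if height > 0:  # positive height means bottom-up storage
        rows.reverse()
    return b"".join(rows)


def carve_pe(blob, keys=range(256)):
    """Try each single-byte XOR key; return (key, offset, data_from_offset)
    for the first decoding that holds an MZ header whose e_lfanew points at
    'PE\\0\\0'. Checking the PE signature avoids false hits on a bare 'MZ'."""
    for key in keys:
        data = bytes(b ^ key for b in blob) if key else blob
        off = data.find(b"MZ")
        while off != -1:
            if off + 0x40 <= len(data):
                e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
                pe = off + e_lfanew
                if 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\x00\x00":
                    return key, off, data[off:]
            off = data.find(b"MZ", off + 1)
    return None


def demo():
    """Encrypt the stand-in PE, hide it in a BMP, then recover it."""
    encrypted = bytes(b ^ XOR_KEY for b in build_fake_pe())
    pixels = bmp_pixel_bytes(build_bmp(encrypted))
    return carve_pe(pixels)


if __name__ == "__main__":
    key, off, payload = demo()
    print(f"key=0x{key:02x} offset={off} carved={len(payload)} bytes")
```

The carved buffer runs to the end of the pixel data, so it still carries the zero fill the image needed to complete its last row; on a real sample the exact length comes from the PE's section table, and if the packer wrote the payload in stored (bottom-up) row order rather than image order, the row flip in bmp_pixel_bytes would have to be skipped.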