General
-
Target
021167d25d1da6b03b476459604811deb5af5b77c69ba6238b67f85d92f0db4a
-
Size
448KB
-
Sample
220521-d5n9gabhbj
-
MD5
f38ffab3cb06c2dc1f5a6246d417e198
-
SHA1
49c61a2cf0cd705fc98c15e501691d4f56261237
-
SHA256
021167d25d1da6b03b476459604811deb5af5b77c69ba6238b67f85d92f0db4a
-
SHA512
57c86e90268a2d96ffa221ced6efd0a8fb777d61174cb509604112c389d47096900e989c027716e52a38a2c69f43831a9c7a79df5988be359b481272c1583804
Static task
static1
Behavioral task
behavioral1
Sample
KOGAN AUSTRILIA LTD - Products Requirements.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
KOGAN AUSTRILIA LTD - Products Requirements.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: premium101.web-hosting.com
Port: 587
Username: grace@onebillion.website
Password: I@3Qc&OZDCX~
Extracted
Protocol: smtp
Host: premium101.web-hosting.com
Port: 587
Username: grace@onebillion.website
Password: I@3Qc&OZDCX~
Targets
-
-
Target
KOGAN AUSTRILIA LTD - Products Requirements.exe
-
Size
598KB
-
MD5
67ff8238044496d3fcd0b57fc43720d9
-
SHA1
a48f4b75b5890d702d30f1f09126e5536edb9def
-
SHA256
481fe9b310d02dfed2c5d650e64b63bab9021d9c8ece0b90f9a0d474ce6d64e8
-
SHA512
e0f758d3b69e6a114f5e8e0e53b28563d6af35949178c7c4f8ec4993b9806540b0d18292a3f374bfbe4d08c574142c6df351e2c8fa7665f1d296ce09b0c29276
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext