General
- Target: f510d8c903f78262f15edd2b3c4f1778fb590fedb8d54224da31c6717c9c8f3a
- Size: 1.3MB
- Sample: 220521-ndfs5agfcj
- MD5: 0003f99494e9dc0bdc12bd26c6f754a9
- SHA1: a33365e3d18c1f7fc5b93f7fb1ca82bc6219bece
- SHA256: f510d8c903f78262f15edd2b3c4f1778fb590fedb8d54224da31c6717c9c8f3a
- SHA512: 39a12fb7f18dad0671142640d211ddef8e93fd575fbbd299a8b04ebf2f49226f5dd54a38cb0ecb1919044ec56eb3ff7ca9c40f4ab5e45774ff74506cff857e9a
Static task: static1
Behavioral task: behavioral1
- Sample: Catalogue -CIMC Vehicles.pdf
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Catalogue -CIMC Vehicles.pdf
- Resource: win10v2004-20220414-en
Behavioral task: behavioral3
- Sample: PO.exe
- Resource: win7-20220414-en
Behavioral task: behavioral4
- Sample: PO.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.cka.com.sg
- Port: 587
- Username: [email protected]
- Password: agnescka82
Targets
Target: Catalogue -CIMC Vehicles.pdf
- Size: 956KB
- MD5: d4a1613e6edd72c5428df47a8e723d04
- SHA1: ce685570bf27392dbc7b375b6ad24a16a7c1a7e3
- SHA256: 0f3eb48d8d86128e53b1cbaf4282725f2240000835a538ba41e3b30ea1b79a22
- SHA512: c3e0e841d0c3451baf6a3303504497a95625cc7aa760a1e89cea87bbf1e063aebab3c0a9d2ea07ee67dd7c31224f76131045deb13ca4c36d72d54f758b61e032
- Score: 1/10
Target: PO.exe
- Size: 869KB
- MD5: a925cd618ba6ead6b73ded89b70e69b7
- SHA1: 9a1b4b8e5a3d2d9539205f9c2a3ea96d5f74d5c0
- SHA256: 547e52557b519e2b169e8a9c5932e2d7ce615ea34d54348d5d87033a545b6362
- SHA512: 9a96bb6e45fcafe54376b3c923c5db4f71651832bc42897218511b87bbb15bacfafb9059a378d37022fe19b5dff6b78e8013b14262ab907f6d4bc0b051a365fb
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext