General
- Target: fd5e31dbca53b624ebc1b148be20dc49095914002ff2537b6498b514596c7ad0
- Size: 445KB
- Sample: 220521-pdmgcafba3
- MD5: a71e5939eaab5b64ae0caa77fd6e5ca1
- SHA1: d0b0f173e79f4fb1fc2bee079ec443185d48c2b0
- SHA256: fd5e31dbca53b624ebc1b148be20dc49095914002ff2537b6498b514596c7ad0
- SHA512: a514c05834c12ca1ce8f26379f835cb2d72166281aa383a6829891d12d06ca4e4b6d7d7c9b05325f13cc617809a133885f8dfe74a8a4a23b2f7ba6977b84e160
Static task: static1
Behavioral task: behavioral1
- Sample: New PO.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: New PO.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: logs2020@gtbenk-plc.com
- Password: mkoify147@@@
Targets
- Target: New PO.exe
- Size: 537KB
- MD5: a4352d77906441a3cd97c7d30c7e580b
- SHA1: cabb47c10a3c03feb079f8ffb00d655708860fbc
- SHA256: 39492ca7d000a28c93084709bacf6b19357e7d79a67b3223ae2c7477bc574aa2
- SHA512: 8c09b2a1f2d5175087af17f57099aabb0429b528d8c279f8f25ba8cf5eb5b6792ef0d590a0c3a78c480bf3e16d774fcd9bde6cd9a649a649a05db8729f43e5e4
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds its payload as a BitMap object which is decrypted later.
- AgentTesla Payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext