General
- Target: 0cbbd9e6106d9799ddf5b68b94872e5e4b1254a88c1c6d1c7edb099692313951
- Size: 463KB
- Sample: 220521-ppk3naahgj
- MD5: c07dbc878c83e592b8fb6131aa8ef45d
- SHA1: e63533051d4b8470eb6c7686fa74e00c4a722e67
- SHA256: 0cbbd9e6106d9799ddf5b68b94872e5e4b1254a88c1c6d1c7edb099692313951
- SHA512: e224fb4ea780ed5383224000c547faf9cf8820e55ee0397cdc2ba40ced5e69106b61477ee8e37184ebae73db8fdd658d6374df1c477f383c8dce0b74771355cd
Static task
- static1

Behavioral task
- behavioral1
  - Sample: ?gnp.025062-OP.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: ?gnp.025062-OP.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.winhalltech.com
- Port: 587
- Username: hafizzul@winhalltech.com
- Password: Hafizzul*010218
Targets
- Target: ?gnp.025062-OP.exe
- Size: 592KB
- MD5: 73649cfc570b95a7b28ea33e5922f909
- SHA1: 2aa9319bdfcf515ce716e7ca299764011cc3e66d
- SHA256: 8434971fe8238cbca3e48cd4f128b6c36170f263f1b07e7f942197efae39e4c0
- SHA512: 32c958e076c89635eab4513752f9e1e26e7dc5dd018cd2541d4e7757fd3410e4ea9088a418c2bc128628f1556dc573c263c7844ebc5b4487453bcb6f987102e7
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is decrypted at runtime.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext