General

Target: 0e643a127fdcae3f0ada30f6448e0db52e1220b591da686d5b6895e5a26c1efa
Size: 637KB
Sample: 220521-xfajkabeh5
MD5: 6146ab2e2854342da1d82704c5821515
SHA1: 7d379cebe5cab6a8a8a8a78f8b2891c5726645bf
SHA256: 0e643a127fdcae3f0ada30f6448e0db52e1220b591da686d5b6895e5a26c1efa
SHA512: 0f359320973ce053e36ccb2871d4b75ab5fbbed025a69233215c3c40a10cd3a6a5343c81edabf7ee220b1135288ff7e208e5deda70cf118a6b98ec19e931c637
Static task: static1

Behavioral task: behavioral1
Sample: NEW PO.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: NEW PO.exe
Resource: win10v2004-20220414-en

Behavioral task: behavioral3
Sample: PO.xlsx
Resource: win7-20220414-en

Behavioral task: behavioral4
Sample: PO.xlsx
Resource: win10v2004-20220414-en

Behavioral task: behavioral5
Sample: Quote for 20FT Tank Containers CYPRUSx.pdf
Resource: win7-20220414-en

Behavioral task: behavioral6
Sample: Quote for 20FT Tank Containers CYPRUSx.pdf
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.cka.com.sg
Port: 587
Username: agnes@cka.com.sg
Password: agnescka82
Targets

Target: NEW PO.exe
Size: 552KB
MD5: a6da76fa51f029d56650a892efc0f353
SHA1: 1e23cde32f44ea7e2eb4a23248a8c7d40b595e2c
SHA256: 80f41a09d12356205262bb77b16daeaf2a284a89fd737b042149a4207f16c702
SHA512: a1b4d0ca8066f83453004eac7e73baf94575d4af45f2a00c1fe42bff70a8375105a685efecad2c52604ecf3b5e9300650588fdaf9cb1330e00ba00795b5832b9

Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext
Target: PO.xlsx
Size: 14KB
MD5: afb6307bf393aff2ba6e8b8c0199ff89
SHA1: 51868fcf5f7c73937fd075fe25ffc191ac41c6c9
SHA256: 4c81af66f036af9fdc5a53acc90b91d5e0a369978e5d186847bce31b52dc7484
SHA512: 49c6ed8128b2f04177960477eb4995ebee8fa59537da1f94b599e16a4b3f6faf30a44bb63bdc51dbba99dcaa9632066e5d2af81321efbbde5de774be66e5c80d
Score: 1/10
Target: Quote for 20FT Tank Containers CYPRUSx.pdf
Size: 113KB
MD5: 194071ad3eccf329f3cd8aed324767df
SHA1: 333416d0c58eed30b7c4cdfbd13dd76ebf5149c9
SHA256: 3fed114564e25d121f53f45426c0c4b17449229194e3fe7b411640250389963e
SHA512: 7e6445534679226a07875d83872a7a9ba598242c0c16b3a22f7b3c68b1f1980f5b325da9ffb4b2568edfb610ac2ec496fda8a6a9ee23317cf5bff88eb34cc571
Score: 1/10