General
-
Target
1ef0ca67344f66e073563a6caa7fdc56644bc29c3b8438a26d4339dc78965a92
-
Size
262KB
-
Sample
220520-2z96rabcfn
-
MD5
ce1626d64a916d2093ff7c22743acca7
-
SHA1
8774b839120047a62df701b6f314a7cfdf265b82
-
SHA256
1ef0ca67344f66e073563a6caa7fdc56644bc29c3b8438a26d4339dc78965a92
-
SHA512
2d6ca82be95a18f65561adeecb7c4419ea0ddf150d003205c3f3920a16545a51259d0ded88e8ff66c02ddd1f5f1a56f59de1f1f81c2f67aeeac4b33faf278339
Static task
static1
Behavioral task
behavioral1
Sample
hesaphareketi000.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
hesaphareketi000.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
hesaphareketi000.exe
-
Size
721KB
-
MD5
ee268a8eefbf81ce4c0ca0f6b491c5c4
-
SHA1
309d1f44e6e341f4bdfbc8b3f3865be5be699c7b
-
SHA256
63d4079c4844acd28e5a2576ac5a76acb5a6514b588e33d8db2d4f71cec7adbc
-
SHA512
5d3112c5e84ab9ce99d7d22ab0b977740693481497a3f0cf109305112a6ef4ee19e5deb47ab943b4622ca0a5869a2ac04c6d37ddd36619f09c4c2033b0bed585
-
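Before a sample is opened in a debugger or detonated again, it is worth confirming that the file on disk really is the one this report describes. The following added example (it is not part of the report or of the sandbox's own tooling) parses the report's own "label / value / -" layout into one record per Target and compares a file's MD5, SHA1, SHA256 and SHA512 digests against the values listed. REPORT_TEXT is a constructed excerpt of the hash blocks above, SAMPLE_BYTES is constructed stand-in data and not the malware, and parse_report, hash_bytes, verify and check_file are names chosen here.

```python
"""Verify a local file against the hashes in a sandbox report."""
import hashlib
import sys

# Constructed excerpt of the report above, kept in the page's own
# "label / value / -" layout so the parser works on copy-pasted report text.
REPORT_TEXT = """Target
1ef0ca67344f66e073563a6caa7fdc56644bc29c3b8438a26d4339dc78965a92
-
Size
262KB
-
MD5
ce1626d64a916d2093ff7c22743acca7
-
SHA1
8774b839120047a62df701b6f314a7cfdf265b82
-
SHA256
1ef0ca67344f66e073563a6caa7fdc56644bc29c3b8438a26d4339dc78965a92
-
Target
hesaphareketi000.exe
-
Size
721KB
-
MD5
ee268a8eefbf81ce4c0ca0f6b491c5c4
-
SHA1
309d1f44e6e341f4bdfbc8b3f3865be5be699c7b
-
SHA256
63d4079c4844acd28e5a2576ac5a76acb5a6514b588e33d8db2d4f71cec7adbc
"""

LABELS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512"}
HASH_ALGS = ("md5", "sha1", "sha256", "sha512")

# Constructed stand-in bytes (a bare DOS header), NOT the real sample.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode."


def parse_report(text):
    """Return one dict per 'Target' block, e.g. {'target': ..., 'md5': ..., 'sha256': ...}.

    A label line is followed by its value line and '-' lines are separators;
    every 'Target' label starts a new block. Hash values are lowercased so
    they compare cleanly against hexdigest() output.
    """
    lines = [line.strip() for line in text.splitlines()]
    entries, current, i = [], None, 0
    while i + 1 < len(lines):
        label, value = lines[i], lines[i + 1]
        if label in LABELS and value != "-":
            if label == "Target":
                current = {}
                entries.append(current)
            if current is not None:
                key = label.lower()
                current[key] = value.lower() if key in HASH_ALGS else value
            i += 2
        else:
            i += 1
    return entries


def hash_bytes(data):
    """Compute the four digests the report lists, as lowercase hex strings."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HASH_ALGS}


def verify(data, expected):
    """Return the algorithms whose digest of `data` differs from `expected`.

    An empty list means every hash present in `expected` matched. Only the
    algorithms present in `expected` are compared, so a report that lists
    just MD5 and SHA256 still verifies.
    """
    actual = hash_bytes(data)
    return [alg for alg in HASH_ALGS if alg in expected and actual[alg] != expected[alg]]


def check_file(path, report_text=REPORT_TEXT):
    """Hash the file at `path` and match it against every Target in the report."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {entry["target"]: verify(data, entry) for entry in parse_report(report_text)}


if __name__ == "__main__":
    # usage: python verify_sample.py <file>
    for target, mismatches in check_file(sys.argv[1]).items():
        status = "MATCH" if not mismatches else "mismatch on " + ", ".join(mismatches)
        print(f"{target}: {status}")
```

Because the report names the original sample only by its SHA256, matching that record tells you that you hold the parent; matching the hesaphareketi000.exe record tells you that you hold the dropped payload instead, which is what you want to know before attributing behaviour from the behavioral tasks to one file or the other.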
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET; it harvests credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP.
-
AgentTesla Payload
-
Executes dropped EXE
-
Checks computer location settings
Reads the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), most likely a geofence so that the payload only runs, or refuses to run, in particular countries.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
Setting the context of a thread in another process is the hand-off step of process hollowing (RunPE), the injection technique Agent Tesla loaders commonly use to run the unpacked payload inside a freshly created process.
-