General
-
Target
7a376027044254b836abdc37288abe2971850ec28c72cd48f9a989ba0f716297
-
Size
480KB
-
Sample
220520-3ce8jabehp
-
MD5
1cc704dac7a12e7b678ebb8829cb01bf
-
SHA1
f4c00db68949f92f92213a641f1fafbf4554918c
-
SHA256
7a376027044254b836abdc37288abe2971850ec28c72cd48f9a989ba0f716297
-
SHA512
138552df394b5b5140bf447ac3175be02a979e69013a02a9d94eea1b39aa8bd2c2b8a390cddbba5acd9ac9459b35b16758d638c58d620a48cca50b67e274682f
Static task
static1
Behavioral task
behavioral1
Sample
MT1O3 copy.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
MT1O3 copy.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.varda.com.tr
Port: 587
Username: [email protected]
Password: varda9997929
Targets
-
Target
MT1O3 copy.exe
-
Size
687KB
-
MD5
7bbb99107a9ae85a281bb69bc80f4420
-
SHA1
557499b642dc4e5081e8216fe9e500fb15659f88
-
SHA256
322eeeb2b916b9cbced49b43ad579f100ede0dd79ae6cb115f764084ed0a3627
-
SHA512
1c2f04060d2685374ba211fbbdd78669adab36b73337fafa7eeccfe2fe7aab91a970132c83c3341e014bfd541ad27af2931b0db0f10ac4cb6b71f0bf8b936903
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-