General
- Target: 9843d29c2d36c7c69f35929ff9ee015ab34a7f208ccd98b46602130d528e8f73
- Size: 243KB
- Sample: 220521-n33n7ahfhl
- MD5: 54366d8fbe6a788835ca0733c10518b2
- SHA1: f33f37d47a6cd8d13a8cc2ebdee62c7d1f7513e7
- SHA256: 9843d29c2d36c7c69f35929ff9ee015ab34a7f208ccd98b46602130d528e8f73
- SHA512: d4366c287d0f4a7619c5a316d1ee624ac8247d7865f3d86ab0294d1d0df891e37bc58c04ddb1da3fd08ee958fb41ea42cca37ed539805ea2bc1341fa863e42f7

Static task
- static1

Behavioral task
- behavioral1
  Sample: hesaphareketi0001.exe
  Resource: win7-20220414-en
- behavioral2
  Sample: hesaphareketi0001.exe
  Resource: win10v2004-20220414-en

Malware Config

Targets
- Target: hesaphareketi0001.exe
- Size: 666KB
- MD5: 27839275fde048fc4d871e8b87a9c2f1
- SHA1: 5f1fae9f00d7fd40fe9b4fcc9c3408c6e0c3d933
- SHA256: d5ce7b34c08ff86a5bd09d3dbd25b03be1e9848a94d4306de1dd7503a9fa955b
- SHA512: 1c8e0a2f18169ebb7437e731beb11ef936fad10968a8eacb65679921735a4825a9474e8ec7d29759f9e574ac577c7958624792915a2bfbf3bc3e867e7a753305
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext