General

Target: cd6c0b0f67bee9e57089b02c1b8a83ea0d454d5eb3790b9aab0f002d63b0133f
Size: 1.2MB
Sample: 220521-n5mqrahgfq
MD5: 1a6cf4d8b537b162d65da8f536404494
SHA1: 1684843cd07696be5643dd3859442bf17a491564
SHA256: cd6c0b0f67bee9e57089b02c1b8a83ea0d454d5eb3790b9aab0f002d63b0133f
SHA512: 0e8028f1d82ae20ad3e5a3951c9ad0f7bfa3745d4326e6cc69fa94ef13b77afbd78fcc2a99a864ec0472ac7467db426485d7307f3a5c37536f68b47cd7e7e6af
Static task: static1
Behavioral task: behavioral1 (sample SKM20064.exe, resource win7-20220414-en)
Behavioral task: behavioral2 (sample SKM20064.exe, resource win10v2004-20220414-en)
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.dogulumetal.com
Port: 587
Username: [email protected] (address obfuscated in the source page; the mailbox is on the same domain as the host)
Password: DMaslak2950**
Targets

Target: SKM20064.EXE
Size: 620KB
MD5: bdb5b41a394905200a90edf2632d469c
SHA1: 9a5b37360aace8702a01877ded6a5bb7e0553996
SHA256: d7d6711fecf46a82d89b1d0ccba6e4a3cf2e5016a24671abeda65f620b8006f0
SHA512: ca3f710ad971e95210827790b4509613a3a83b4c987e3e45dc16ac8ae83d6bd1e3309ca4d9261cf9390031d72686dbb84e5effb9d34f8315b519b286908ed517
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (builds are typically compiled from Visual Basic .NET or C#). The extracted configuration shows this build exfiltrating over SMTP to mail.dogulumetal.com:587 with the credentials listed above, so that host and account are direct network indicators for this sample.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely to geofence execution.

Accesses Microsoft Outlook profiles
Reads stored mail-client profiles, consistent with the credential harvesting Agent Tesla is known for.

Suspicious use of SetThreadContext
SetThreadContext on another process's thread is a common step in process hollowing and thread hijacking; the report does not state which technique this sample uses.
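The hashes and the extracted SMTP configuration above are the indicators a responder would hunt for. The following Python is an added example, not part of the sandbox report or of the sample itself: it matches hash values (as exported by an EDR or file inventory) against the digests listed here, and flags outbound connections to the configured exfiltration host in connection-log lines. The log-line format, the corporate relay name smtp.corp.example, and every sample line are assumptions constructed for the demonstration; only the hashes, host and port come from the report.

```python
"""IOC matcher for the AgentTesla sample in the report above (added example)."""
import hashlib
import re

# Digests listed in the report for the outer 1.2MB sample and the inner SKM20064.EXE.
FILE_IOCS = {
    "md5": {
        "1a6cf4d8b537b162d65da8f536404494",
        "bdb5b41a394905200a90edf2632d469c",
    },
    "sha1": {
        "1684843cd07696be5643dd3859442bf17a491564",
        "9a5b37360aace8702a01877ded6a5bb7e0553996",
    },
    "sha256": {
        "cd6c0b0f67bee9e57089b02c1b8a83ea0d454d5eb3790b9aab0f002d63b0133f",
        "d7d6711fecf46a82d89b1d0ccba6e4a3cf2e5016a24671abeda65f620b8006f0",
    },
    "sha512": {
        "0e8028f1d82ae20ad3e5a3951c9ad0f7bfa3745d4326e6cc69fa94ef13b77afbd78fcc2a99a864ec0472ac7467db426485d7307f3a5c37536f68b47cd7e7e6af",
        "ca3f710ad971e95210827790b4509613a3a83b4c987e3e45dc16ac8ae83d6bd1e3309ca4d9261cf9390031d72686dbb84e5effb9d34f8315b519b286908ed517",
    },
}

# SMTP exfiltration endpoint from the extracted agenttesla config.
EXFIL_HOST = "mail.dogulumetal.com"
EXFIL_PORT = 587
# Workstations normally do not speak SMTP directly; any submission on these ports
# to something other than the organisation's own relay is worth a look on its own.
SMTP_PORTS = {25, 465, 587}


def match_hash(digest):
    """Return the hash algorithm whose IOC set contains `digest`, or None.
    Case and surrounding whitespace are normalised so EDR exports match as-is."""
    d = digest.strip().lower()
    for algo, values in FILE_IOCS.items():
        if d in values:
            return algo
    return None


def digests_of(data):
    """Digests of a file's bytes in the same four algorithms the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def file_is_ioc(data):
    """True if any digest of `data` matches one of the report's hashes."""
    return any(match_hash(h) for h in digests_of(data).values())


# Assumed (constructed) connection-log format:
#   "<timestamp> src=<ip>:<port> dst=<host-or-ip>:<port> proto=tcp"
_CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>[^:\s]+):\d+\s+dst=(?P<dst>[^:\s]+):(?P<dport>\d+)"
)


def scan_conn_log(lines, mail_relays=()):
    """Return (severity, timestamp, source, "dst:port") for each suspicious flow.
    'high'   = destination is the exfil host from the extracted config;
    'medium' = direct SMTP from an endpoint to anything other than a known relay."""
    relays = {r.lower() for r in mail_relays}
    hits = []
    for line in lines:
        m = _CONN_RE.match(line)
        if not m:
            continue  # unparseable or non-connection record: skip, do not crash
        dst, dport = m["dst"].lower(), int(m["dport"])
        if dst == EXFIL_HOST:
            hits.append(("high", m["ts"], m["src"], f"{dst}:{dport}"))
        elif dport in SMTP_PORTS and dst not in relays:
            hits.append(("medium", m["ts"], m["src"], f"{dst}:{dport}"))
    return hits


# Constructed sample log lines for the demonstration (not real telemetry).
SAMPLE_LOG = [
    "2022-05-21T10:15:02Z src=10.0.0.15:49812 dst=mail.dogulumetal.com:587 proto=tcp",
    "2022-05-21T10:15:03Z src=10.0.0.15:49813 dst=smtp.corp.example:587 proto=tcp",
    "2022-05-21T10:15:04Z src=10.0.0.22:51000 dst=203.0.113.9:465 proto=tcp",
    "2022-05-21T10:15:05Z src=10.0.0.22:51001 dst=www.example.com:443 proto=tcp",
    "this line is noise and does not parse",
]

if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_LOG, mail_relays=["smtp.corp.example"]):
        print(*hit)
    print(match_hash("D7D6711FECF46A82D89B1D0CCBA6E4A3CF2E5016A24671ABEDA65F620B8006F0"))
```

The host match is rated above the port heuristic because the report ties the host to this sample directly, whereas direct SMTP submission from an endpoint is only unusual, not conclusive; treat the medium hits as triage candidates and the known relay list as something to populate from your own mail infrastructure.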