General

Target: 54b87c735e53dc46cb15851c539dd0d020850f36df0fe8847b3b646ef7f3bb09
Size: 427KB
Sample: 220521-nsh7sseag3
MD5: 86fc6cd4ff9da68ac2d0851dc43c955a
SHA1: 1bfef6007bb095d8b5a0922199f4843e2165e806
SHA256: 54b87c735e53dc46cb15851c539dd0d020850f36df0fe8847b3b646ef7f3bb09
SHA512: 373eecd2183957f6ada03fa585f9d4f39382da5935a64174228e1718677fc37044d80ba95d69f73851a8d23f578cb053bf2d476226bda6311216fc6ad9c1c33e
Static task: static1

Behavioral task: behavioral1
Sample: Payment Advise 16th-06-2020_PDF.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Payment Advise 16th-06-2020_PDF.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted (family: agenttesla)
Protocol: smtp
Host: mail.karcek.com.tr
Port: 587
Username: info@karcek.com.tr
Password: Ahmet.6193
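The extracted config gives a SOC everything needed to spot the same exfiltration channel on the wire. The following is an added example, not part of the Triage report: it decodes SMTP AUTH LOGIN and AUTH PLAIN exchanges from captured client-to-server sessions and checks them against the extracted mailbox. The session captures are constructed (the benign host smtp.example.net, user@example.net and the address 192.0.2.10 are placeholders); only the host, port and credentials come from the report. Two caveats a practitioner should keep in mind: port 587 normally upgrades to TLS via STARTTLS, so the AUTH exchange is only visible in cleartext captures or where TLS is terminated in front of the sensor; and the mail host may well be a legitimate server whose mailbox is being abused, so the mailbox credentials, not the host name, are the strong link back to this sample.

```python
"""Check captured SMTP sessions against the Agent Tesla config extracted by the sandbox.

Added example, not part of the Triage report. The sessions below are constructed;
the host, port and credentials are copied from the report's "Malware Config" section.
"""
import base64
from dataclasses import dataclass

EXTRACTED_CONFIG = {
    "protocol": "smtp",
    "host": "mail.karcek.com.tr",
    "port": 587,
    "username": "info@karcek.com.tr",
    "password": "Ahmet.6193",
}


@dataclass
class Session:
    dst_host: str
    dst_port: int
    client_lines: list  # client -> server lines, one SMTP command or continuation per entry


def _b64(s):
    """Strict base64 decode to text; None if the token is not valid base64."""
    try:
        return base64.b64decode(s.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_smtp_credentials(client_lines):
    """Recover (username, password) from AUTH LOGIN or AUTH PLAIN; (None, None) if absent."""
    for i, line in enumerate(client_lines):
        parts = line.split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        if mech == "PLAIN":
            # RFC 4616: base64("\0user\0pass"), either inline or on the following line
            blob = parts[2] if len(parts) > 2 else (client_lines[i + 1] if i + 1 < len(client_lines) else "")
            decoded = _b64(blob)
            if decoded and decoded.count("\0") == 2:
                _, user, pw = decoded.split("\0")
                return user, pw
        elif mech == "LOGIN":
            # Username may ride on the AUTH line (initial response) or follow it; password is next.
            tokens = parts[2:] + client_lines[i + 1:i + 3]
            decoded = [_b64(t) for t in tokens[:2]]
            if len(decoded) == 2 and all(decoded):
                return decoded[0], decoded[1]
    return None, None


def match_session(session, config=EXTRACTED_CONFIG):
    """Return the config fields this session matches; an empty dict means no overlap."""
    user, pw = extract_smtp_credentials(session.client_lines)
    matched = {}
    if session.dst_host.lower() == config["host"].lower():
        matched["host"] = config["host"]
    if session.dst_port == config["port"]:
        matched["port"] = config["port"]
    if user is not None and user.lower() == config["username"].lower():
        matched["username"] = config["username"]
    if pw is not None and pw == config["password"]:
        matched["password"] = config["password"]
    return matched


def triage_sessions(sessions, config=EXTRACTED_CONFIG):
    """Index of each session that reuses the extracted C2 mailbox, with the fields it matched."""
    hits = []
    for idx, s in enumerate(sessions):
        m = match_session(s, config)
        # Host+port alone is weak (shared or abused legitimate mail host); the mailbox is the strong link.
        if "username" in m or ("host" in m and "port" in m):
            hits.append((idx, m))
    return hits


# Constructed captures (cleartext, i.e. no STARTTLS, otherwise AUTH would not be visible).
SESSIONS = [
    # 1) what this sample's config implies: AUTH LOGIN to the extracted host with the extracted mailbox
    Session("mail.karcek.com.tr", 587, [
        "EHLO WIN-PC", "AUTH LOGIN",
        "aW5mb0BrYXJjZWsuY29tLnRy",   # base64("info@karcek.com.tr")
        "QWhtZXQuNjE5Mw==",           # base64("Ahmet.6193")
        "MAIL FROM:<info@karcek.com.tr>",
    ]),
    # 2) unrelated mail traffic from a constructed benign user, AUTH PLAIN with initial response
    Session("smtp.example.net", 587, [
        "EHLO WIN-PC",
        "AUTH PLAIN " + base64.b64encode(b"\0user@example.net\0hunter2").decode(),
        "MAIL FROM:<user@example.net>",
    ]),
    # 3) the same mailbox reused via AUTH PLAIN against a bare IP (constructed), as a later variant might
    Session("192.0.2.10", 587, [
        "EHLO WIN-PC", "AUTH PLAIN",
        base64.b64encode(b"\0info@karcek.com.tr\0Ahmet.6193").decode(),
    ]),
]

if __name__ == "__main__":
    for idx, fields in triage_sessions(SESSIONS):
        print(f"session {idx}: matches extracted config on {sorted(fields)}")
```

Session 3 is the case worth noting: the destination is not the extracted host, yet the decoded AUTH PLAIN blob carries the same mailbox, so it is still reported. Running the script prints hits for sessions 0 and 2 and nothing for the benign session 1.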
Targets

Target: Payment Advise 16th-06-2020_PDF.exe
Size: 598KB
MD5: fbc4dfd8c27de605878999bb9f926476
SHA1: 2cdf59053c9e0dab274f669e7d469c6d4c765164
SHA256: 8f7831eb11d3b735517f5a32630d2c610caf3046e39c60c08fb42d0d864aa3b7
SHA512: 6a6ba3853e6c8b7497ede01f1e55bd5322945923271eca402b85587e6abb74d08933df1a06f6a9083301894b71848ca0320e34a834efad5a547fd4579ded4b30
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); the family note's "visual basic" refers to VB.NET, not classic VB. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP. The extracted config above shows this sample using SMTP through the mailbox info@karcek.com.tr on mail.karcek.com.tr:587.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check: the payload can change or suppress its behaviour depending on the victim machine's configured country, so the two sandbox runs (win7-20220414-en, win10v2004-20220414-en) may not show everything it does elsewhere.

Accesses Microsoft Outlook profiles
Reads the Outlook profile store, where saved mail account settings and credentials live. This is consistent with Agent Tesla's credential-harvesting behaviour rather than with ordinary use of a mail client.

Suspicious use of SetThreadContext
Rewriting another thread's context is the hallmark of process hollowing: a child process is created suspended, its image is overwritten with the payload, SetThreadContext redirects the thread's entry point into that payload, and ResumeThread runs it. Seen in a sample of this family, it indicates a loader unpacking the Agent Tesla payload into a second process rather than running it in the dropped executable itself.
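The three behavioural signatures above (geofence registry lookup, Outlook profile access, and the SetThreadContext hollowing sequence) are what an analyst would want to re-detect in their own API traces. The block below is an added example, not part of the Triage report or its detection rules, and serves all three signatures at once. It assumes a resolved API trace (registry paths already expanded to text, target pids attached to cross-process calls); the trace, including the constructed suspended copy of the sample used as the hollowing target, is made up here. The registry paths are the standard Windows locations for the country code (Control Panel\International\Geo) and for Outlook profiles; the report shows only that the sample looked these up, not which exact key it read, so treat the patterns as an assumption to tune against real traces.

```python
"""Flag the three behavioural signatures from the report in a sandbox-style API trace.

Added example, not part of the Triage report. The trace below is constructed to
resemble a resolved API log (registry paths already expanded, target pids attached).
The registry paths are the standard Windows locations for the country code and for
Outlook profiles, an assumption since the report does not show which key was read.
"""
import re
from collections import defaultdict

GEO_KEY_RE = re.compile(r"control panel\\international\\geo", re.I)
OUTLOOK_PROFILE_RE = re.compile(
    r"(office\\\d+\.\d+\\outlook\\profiles|windows messaging subsystem\\profiles)", re.I)
CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit passed to CreateProcess
STAGES = {                             # Win32 and Nt-level spellings of the hollowing steps
    "WriteProcessMemory": "write", "NtWriteVirtualMemory": "write",
    "SetThreadContext": "context", "NtSetContextThread": "context",
    "ResumeThread": "resume", "NtResumeThread": "resume",
}


def scan(trace):
    """Return findings keyed by signature; each entry is the evidence taken from the trace."""
    findings = {"geofence_lookup": [], "outlook_profile_access": [], "process_hollowing": []}
    suspended = {}                     # child pid -> (creating pid, image path)
    seen = defaultdict(set)            # child pid -> hollowing stages observed so far
    for ev in trace:
        pid, api, args = ev["pid"], ev["api"], ev.get("args", {})
        key = args.get("key", "")
        if api.startswith(("RegOpenKey", "RegQueryValue")):
            if GEO_KEY_RE.search(key):
                findings["geofence_lookup"].append((pid, api, key, args.get("value")))
            if OUTLOOK_PROFILE_RE.search(key):
                findings["outlook_profile_access"].append((pid, api, key))
        elif api.startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[args["child_pid"]] = (pid, args.get("image"))
        elif api in STAGES:
            child = args.get("target_pid")
            # Only the process that started the suspended child counts, and the child must be a
            # different process: SetThreadContext on a caller's own threads (debuggers, some
            # runtimes) is not hollowing.
            if child in suspended and suspended[child][0] == pid and child != pid:
                seen[child].add(STAGES[api])
                if STAGES[api] == "resume" and {"write", "context"} <= seen[child]:
                    findings["process_hollowing"].append(
                        {"parent": pid, "child": child, "image": suspended[child][1]})
                    del suspended[child]   # report each hollowed child once
    return findings


# Constructed trace: pid 1000 stands in for the sample, pid 2000 for a suspended copy of it
# used as the hollowing target, pid 3000 for an unrelated process touching its own thread.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "RegOpenKeyExW", "args": {"key": r"HKCU\Control Panel\International\Geo"}},
    {"pid": 1000, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"pid": 1000, "api": "RegOpenKeyExW",
     "args": {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"}},
    {"pid": 1000, "api": "RegOpenKeyExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"}},   # not flagged
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": r"C:\Users\Public\Payment Advise 16th-06-2020_PDF.exe",
              "flags": CREATE_SUSPENDED, "child_pid": 2000}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 2000, "size": 0x2F000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 2000, "target_tid": 2004}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 2000, "target_tid": 2004}},
    {"pid": 3000, "api": "SetThreadContext", "args": {"target_pid": 3000, "target_tid": 3008}},
]

if __name__ == "__main__":
    for sig, evidence in scan(SAMPLE_TRACE).items():
        print(sig, "->", evidence or "none")
```

The hollowing check is deliberately stateful: it only fires when the same process that created a suspended child has written into it and replaced a thread context before the resume, which keeps the lone SetThreadContext from pid 3000 out of the results. Real traces usually expose registry keys as handles, so the resolution step assumed here has to happen before this scan.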