General
Target: d444fe22ed3dcbdded0a9a84628a731c.bin
Size: 770KB
Sample: 230328-cwvjfsad5s
MD5: 9f709e828998d5b536f091f3eb5c1e0c
SHA1: 309991b068b98d544e499596552b44431f298014
SHA256: b24b013c4bd6c4dbe6da2a9544549586e179fa28a7d928d6393eed1c6d0ed81f
SHA512: d4a1adcbb712bab4d84d0ec6b03585b16675d1c416cb9789c052fb639955e6ca46dc02c13167ec35668cfd84dfd769dba0066ec91e10921f2e6c99bedbca802e
SSDEEP: 24576:XbQfMWNPkSh6qe8zlksvgg+pnBSV1wc537:kfJNPlhXeyB4BSki37
Static task: static1
Behavioral task: behavioral1
Sample: 454c784e20e24793d9ed6ea55e6c8b308ced6dbdaf8a3d2de5dd7b1817ed231d.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 454c784e20e24793d9ed6ea55e6c8b308ced6dbdaf8a3d2de5dd7b1817ed231d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.leonardfood.com
Port: 587
Username: karimi@leonardfood.com
Password: K@rimi95
Extracted
agenttesla
Protocol: smtp
Host: smtp.leonardfood.com
Port: 587
Username: karimi@leonardfood.com
Password: K@rimi95
Email To: golasch18@web.de
Targets
Target: 454c784e20e24793d9ed6ea55e6c8b308ced6dbdaf8a3d2de5dd7b1817ed231d.bin
Size: 851KB
MD5: d444fe22ed3dcbdded0a9a84628a731c
SHA1: 7cc58f8e8f3b979330896ee889865aab75faad4c
SHA256: 454c784e20e24793d9ed6ea55e6c8b308ced6dbdaf8a3d2de5dd7b1817ed231d
SHA512: 6329353f9b49ae697f90e1a0ea87b79091e9cdd20bff44ab16778cba4b5c5ede1f03fdf7b6cb4c93b7566c18b7768cd1ef7c5a5a9cda0bad95dff7ba0967a5a4
SSDEEP: 12288:KUJB0OwKGww6dHoMw1WMU8yHyMqMUh1w4Olapol/c3yb3WLA7JhZ:T7Bzpw1jUpHylMUYrl/yVkD
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext