General
- Target: e078b475809986ee55948bb768ee9cde
- Size: 455KB
- Sample: 240327-b5hetace3s
- MD5: e078b475809986ee55948bb768ee9cde
- SHA1: d226c78d1403e1d6eddf71391814ade0d3ee6099
- SHA256: 2d0efd49d4743047d816c892185352bf7bb107210e325e1a8415d5803eb317fe
- SHA512: 7d9add9296b32c1514872ce03ebee5cc799cb5fcfba701562ef423d8e1ad38b2d9d60b4a0015af6f1f80026dc7ef399c5be29c53c026365de71d555b42f255a2
- SSDEEP: 6144:bDycp1geLGVRLEJXoGJByRYThyyCGQuEnmubCT1VbVGQQfO0ciy4yyYdvdEZOZrZ:yUqMGAbJaYT8ygdmqlN2bFbIZ2q4upi
Static task: static1
Behavioral task: behavioral1
- Sample: MRKU8781602.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: MRKU8781602.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
- https://api.telegram.org/bot1633482536:AAF1JIS_DaayovuRrLGy_POYaI3DRc2CrPY/sendDocument
Targets
- Target: MRKU8781602.exe
- Size: 612KB
- MD5: bbed19abf6b369658b6996317e2e2067
- SHA1: b252760938e016ea408efb75cab44defa95a6b17
- SHA256: eddc270558f27cf00441f9056ca98264e14708d8202647bb461c371e6db85cdb
- SHA512: 94021a9caceef74dc3d3bc62e39ca056c71ea8e01683f81cde451187007d3adc6ece3640490be0797c1e2f8e2d54a7ece3a7f528fea08de6b0fa86efd4534579
- SSDEEP: 12288:XveLBT4EhJaiTCy+x+qPzubHPmS8u0RI3MIKQ3GLOir:XveLykaiTqDM
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext