General
- Target: 6a9b97d6916857f64d90084707de1e00.bin
- Size: 664KB
- Sample: 240327-cy1hgsdf7s
- MD5: d8894f57bfe3ba2b665d9def7741c71a
- SHA1: 940e457d7cdc65bc12ab290d2b9b7835289e27f0
- SHA256: 1f3ebaae5ba347663e2b868be40e1f46591e6d4cdabcb2bb3c0d22e12608e639
- SHA512: 0246ee7d378de9ac4cd036a2d25847c9fe0a053df8b85048006976aa6b496af8ce55864d9f6a0ef4d5b5d9185ed96239aa020ed0ce7920199f221278ff3347b5
- SSDEEP: 12288:SBre6MJS7shX9eTYJfSI3w9KNSSqh0Z3z9qHFKKMS+1dlFuuNSpgZJ:SBK5wHiDIfhcZqtMS+1dlFP6gZJ
Static task: static1
Behavioral task: behavioral1
- Sample: 2f1acdeff407a2ddcc16a30e5524e07cc543d45e0df27cc0d6da3722f0f7c998.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2f1acdeff407a2ddcc16a30e5524e07cc543d45e0df27cc0d6da3722f0f7c998.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.eggumrukleme.com
- Port: 587
- Username: [email protected]
- Password: SGzcLs&yaGw
- Email To: [email protected]
Targets
- Target: 2f1acdeff407a2ddcc16a30e5524e07cc543d45e0df27cc0d6da3722f0f7c998.exe
- Size: 710KB
- MD5: 6a9b97d6916857f64d90084707de1e00
- SHA1: d28f2fa2bd59bbaff092e752ce755220ed847405
- SHA256: 2f1acdeff407a2ddcc16a30e5524e07cc543d45e0df27cc0d6da3722f0f7c998
- SHA512: 46e9f4672c111e1cf3c0eb4774059331209c157b976f5a7f3daf96151eb42d891ee33a2da20196783846635d1aaaa748f86053c0577fccc25b33503a47293539
- SSDEEP: 12288:s84CMwpreEndxfpO7jweeZzsuA2XVlmocKZ4gnTGOc3or5d57cMLX9cswmy1/A:dreAdppO7E7HXVXc/gnTGOv/SNh
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext