General
-
Target
8ce7fa07609ee715d17d41ebcc2036d9.bin
-
Size
628KB
-
Sample
240327-dkvkraec7x
-
MD5
28841e256cef5ade62f93251d0f0595f
-
SHA1
a582ff51d55bc2cf60ea79ae0e7e7299ee30f829
-
SHA256
8bfbcda7cfa8560657469906da64d45c668e885586995e044beb402191e3bd0e
-
SHA512
cb30d5e75f86b60cd99711a02f44f7d0e224368381a282c9d50c345f533e0b0e843afd4865e3b66a617e27ba5157d4c9307220fc4e217cb71acdcde0c514717d
-
SSDEEP
12288:QOOOEi2S0MBZdBjKmvuAPDB4f72cBEwmLXn1FOT3sAyMRuBvUlJVdW:+OEi9vBZvp1iDmLU3s3WjW
Static task
static1
Behavioral task
behavioral1
Sample
4d907c3d7974732445e036c17d48ffa394628c26a25c5eac76eafd101d4299a3.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4d907c3d7974732445e036c17d48ffa394628c26a25c5eac76eafd101d4299a3.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.nogamobilya.com - Port:
587 - Username:
[email protected] - Password:
121121.1.noga! - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.nogamobilya.com - Port:
587 - Username:
[email protected] - Password:
121121.1.noga!
Targets
-
-
Target
4d907c3d7974732445e036c17d48ffa394628c26a25c5eac76eafd101d4299a3.exe
-
Size
684KB
-
MD5
8ce7fa07609ee715d17d41ebcc2036d9
-
SHA1
3d72cbab3a62ae99cc2fe87f9767da426ae1330b
-
SHA256
4d907c3d7974732445e036c17d48ffa394628c26a25c5eac76eafd101d4299a3
-
SHA512
74fe31189bd9b89331aa3b36fbcb15d8057a1acfa5bbbd3f1cb6824552069e0b6639d3044181cbf81c4fc3702a6cf7681f1984f96c9ba6ba2cc7f0d826b4688b
-
SSDEEP
12288:h8EgC74CMw0CLKcpcxcVOlMU60C6b8sBoigImwvht52PN1:h8EFAcpYcV0MU60XbJ/gPn
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-