General
-
Target
fe84ba7054e8b3a9f45220feb06bd7af.bin
-
Size
595KB
-
Sample
240328-ejjyasbf65
-
MD5
b57b3a90edc1a937aedceae20ad07730
-
SHA1
1f891eb8aca165276e9be8922e56f205e6a1a1a6
-
SHA256
3b097eda655a7c83b6409489640eca65f61f82d5db155a8a1a9bf013bae9dd65
-
SHA512
cbdc0acd61f52905597ee87424d9c4eb2ac8c50b8cb154676dfa8a245f88afc2ce4be29bd4592438f590e42495f8ef898d071d6a0eddd0f3cbde8f0653c7a21c
-
SSDEEP
12288:BvUZrKeG9y2SP0gIEcWvnYgfEZ9GFRPwDffSBXbW+8G:BvUZrKeG9pSP6GjEZ9jnmKq
Static task
static1
Behavioral task
behavioral1
Sample
0385e72feabb9b4207ae2266774849feb9d5179d036b4292e5ffed33c27a5f4a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0385e72feabb9b4207ae2266774849feb9d5179d036b4292e5ffed33c27a5f4a.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.nogamobilya.com - Port:
587 - Username:
export@nogamobilya.com - Password:
121121.1.noga! - Email To:
gasstsolar@gmail.com
Extracted
Protocol: smtp- Host:
mail.nogamobilya.com - Port:
587 - Username:
export@nogamobilya.com - Password:
121121.1.noga!
Targets
-
-
Target
0385e72feabb9b4207ae2266774849feb9d5179d036b4292e5ffed33c27a5f4a.exe
-
Size
606KB
-
MD5
fe84ba7054e8b3a9f45220feb06bd7af
-
SHA1
6b5c9429d87c33147997876c7bfdb3e219563b7f
-
SHA256
0385e72feabb9b4207ae2266774849feb9d5179d036b4292e5ffed33c27a5f4a
-
SHA512
c8f560b5378c36f6b0a23a4e22048ff6232f6a9ad3c083e9a9ce8b265074471b52118fcc82e3a7dd181c76ac2c94422aabcb2d5019796650200c4f19f71cb52b
-
SSDEEP
12288:FhtMAatmv4zKbju0GllCbxFKonJFmi6JW2D6keSDow1bUU4a5W:FhtMAatmXTGlstvifHDowE
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-