General
-
Target
3c26e3fb57f5181e65e9558c9eeb2f645492ed8e007c38ea96d00b9aa33957a7
-
Size
597KB
-
Sample
240329-bhfbyadd9t
-
MD5
e9ff89397ae155c00a611220c4ffb067
-
SHA1
da14fbbff393f69498287899897a7de9383f17cf
-
SHA256
3c26e3fb57f5181e65e9558c9eeb2f645492ed8e007c38ea96d00b9aa33957a7
-
SHA512
fb4f8eba3577bece3347d572b5f3d3bef616af35f277cb02f840a599c9e670ecefc45a5477b0dd2f1cc35c0ff234f2a29eb378a2240cd4831d9b98c95b90e8ef
-
SSDEEP
12288:STssIjRucQIKS7F2iMUB83bBpxxDrkS3piYbSeC/vuEWQ:xjRR1J7FbMJ3bnP3kDYbKvuPQ
Static task
static1
Behavioral task
behavioral1
Sample
SATIN ALMA EMRİ_PDF.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SATIN ALMA EMRİ_PDF.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp8nl.hyperhost.ua
Port: 587
Username: royallog@fibraunollc.top
Password: 7213575aceACE@#$
Email To: royal@fibraunollc.top
Targets
-
Target
SATIN ALMA EMRİ_PDF.exe
-
Size
611KB
-
MD5
ff78832074659316429eae05feaed982
-
SHA1
e78bdc8b2f7c475aabc1d06b96739a10374b2879
-
SHA256
efe843e7a38bf867d8229fca37228d00ad7b8c7b6514c9fe7011befe33ba1930
-
SHA512
7936956713fc488d45f1da9ba41a9ef821a6eea142a2814b774cd88c8dd31f1a0ec2cf1498b65193cba313bcffe4a241a80e06bcfcda60bb98ed8dc8557dd296
-
SSDEEP
12288:mWYIwC6yssIj/uoQOKQ1t2sMUB83zBpFxbry63piYb6e6/vutWD:mWYI0Zj/jxd1tPMJ3znr/ybYbevuED
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-