General

Target: e84fcf08ded1588ad1b236274c7afe5f.bin
Size: 631KB
Sample: 240609-f838xafa93
MD5: dda674774c93760cfa01d2171860d776
SHA1: b9a4ae2e74317c379127722aba8365e8fca00704
SHA256: 47538cb55804a5b078edd9b3376f6d80259f4a5724b9ca4ea014628c84476e87
SHA512: 7db8ec3da6cce65233c625cac85ad35202bbb68e5ea108b50d2a1af0c9b52d479f97b0b09248713c65226d2a87908c94a8a7a7b490e36363f3152bee5b92687f
SSDEEP: 12288:JSnpkA7M96y9VuWj1sXULgjS/uXNfks+9xWvDakNy7kzV6ISqP/:o+Ai68uWjWkLg0uXKs+mvDdNP56ISqH
Static task: static1
Behavioral task: behavioral1
Sample: PO 23897 Order Request.exe
Resource: win7-20240508-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.cervezabaum.com
Port: 587
Username: [email protected]
Password: 36781193Baum
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.cervezabaum.com
Port: 587
Username: [email protected]
Password: 36781193Baum
Targets

Target: PO 23897 Order Request.exe
Size: 679KB
MD5: 8cb919da2d28a2e7a35a14a16c2abad3
SHA1: ccb408f332fb889635bc79b67c4dc4c73560fd3c
SHA256: 38a05c98b7bd7131bc6d65dc7c5b2a68c63c63119a32012faf1981aa6f40a9c4
SHA512: 523d9c571c672cc5f852225bcccfb913a72255719f4c9760cee35d9ced4f907bf3d0842d9c96f732d5c50c1f16d0575f87475b721afdd8c85c655156b7139d5f
SSDEEP: 12288:ubBPJwKcI45ssbyJzx17McOjlvS9fIx7LlsyVf48keZL0WLE3q0tpeZsTQi:gBhcvCsY7Mv5K5Ix7gB4/EntAmTQ
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Suspicious use of SetThreadContext