General
Target: 874f7647b014cbe79481dcb811ce8bb058f1a157a6694d1fdfd9470388ce9f90.rar
Size: 652KB
Sample: 240609-mfbfraaa57
MD5: ac5305b1ad7838f1afe1a6ea91890039
SHA1: 9815a84ab513a2ba133bc1ff88e9a33382ce9e04
SHA256: 874f7647b014cbe79481dcb811ce8bb058f1a157a6694d1fdfd9470388ce9f90
SHA512: 69b3da1710bf52d8b164571fb8f948b6156f4d729d1b8f12f7fb256c5b9896238637ee9bcb0f4327927b8e8036f93eae260cbabf6bfae6357b6496727915ca26
SSDEEP: 12288:/RzVgLligymUkIjhCG6MnKgdZMzJF3TP+on8oDQQRrKCPTDBlEmZYpcTduw2ZSkb:pz8lTX1GRNdQ/Pts4rKUEtL83C
Static task: static1
Behavioral task: behavioral1
  Sample: SOA pdf.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: SOA pdf.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.tajhiz-gostaran.com
Port: 587
Username: [email protected]
Password: Ohv@dRNG{N^grViQHl
Email To: [email protected]
Targets
Target: SOA pdf.exe
Size: 717KB
MD5: 0e928f8ca2a45826211c1e02c9ae09f8
SHA1: 502ba9469f174b8ae062278be8ca847616d4e0f8
SHA256: 3c4a6a16a5d8679e83400b100265e0513f5993e513d5f17c875976b09cd1bf25
SHA512: 1ae4d75d15026e3277b42918756b1bc7a91960811136af4672ca48c9b943279b4ff22be4382275629693ae9f17b0c3e95ac1ade95c5bf167086015478aca4ca4
SSDEEP: 12288:I3qyJMM/F1KswrqeiQgLI/VvH8WX1wMVeARbNPnN9jXBOQS6XczZLK4I7ukDkR:I6ON1KAYVvH8inwARbNPNNX3VMBK41kW
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Adds Run key to start application

Suspicious use of SetThreadContext