General
-
Target
125138529f0b99612ea633104c80f895b523a6d95f70da58e30edb94e9e258fe
-
Size
856KB
-
Sample
240612-b245eaxhqm
-
MD5
02c38b2407830ee92fb9973c53746a5e
-
SHA1
a6945865d73be1a0ce2c5b51e91d6351b0c5a3ff
-
SHA256
125138529f0b99612ea633104c80f895b523a6d95f70da58e30edb94e9e258fe
-
SHA512
3e040a31b612647383b5bc3475421236129c41182f5334505e89fd4dd26cea4a34628309e5e9c0b3d1dbfd8259a8054f44961da5c1f7bdb216aa03c373633ade
-
SSDEEP
24576:3g61jjk0LAta9APUDIIRVfEkME+GZ9kDI1Q/uI9H9hNSAP0tdZ:bV3Eh6ExVbNSh
Static task
static1
Behavioral task
behavioral1
Sample
125138529f0b99612ea633104c80f895b523a6d95f70da58e30edb94e9e258fe.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
125138529f0b99612ea633104c80f895b523a6d95f70da58e30edb94e9e258fe.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ekolev.com.tr - Port:
587 - Username:
[email protected] - Password:
Ekol.1071 - Email To:
[email protected]
Targets
-
-
Target
125138529f0b99612ea633104c80f895b523a6d95f70da58e30edb94e9e258fe
-
Size
856KB
-
MD5
02c38b2407830ee92fb9973c53746a5e
-
SHA1
a6945865d73be1a0ce2c5b51e91d6351b0c5a3ff
-
SHA256
125138529f0b99612ea633104c80f895b523a6d95f70da58e30edb94e9e258fe
-
SHA512
3e040a31b612647383b5bc3475421236129c41182f5334505e89fd4dd26cea4a34628309e5e9c0b3d1dbfd8259a8054f44961da5c1f7bdb216aa03c373633ade
-
SSDEEP
24576:3g61jjk0LAta9APUDIIRVfEkME+GZ9kDI1Q/uI9H9hNSAP0tdZ:bV3Eh6ExVbNSh
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-