General
- Target: f47a77d7238fe78b69a9052c64eb5877509e3b38e647b73a297a129bdefe7e5a
- Size: 753KB
- Sample: 240612-b4trfsyamm
- MD5: 41ec13547c155db2bfcb4035368f2ddc
- SHA1: bf1dd45f554c246225104c2f7874cdb7cab9f91f
- SHA256: f47a77d7238fe78b69a9052c64eb5877509e3b38e647b73a297a129bdefe7e5a
- SHA512: a0713ba4c5aab008f86c0d3947b6684e711609bdb06601c65ab142a7d60b05933dbfeed906a34a3045ddff646ef22b5e9c95168dd2aef0e30b610ac520c3c6f7
- SSDEEP: 12288:i+B2K2IU98H7+zhEpvRFOfjOIqkOc3GwGg7DCvJvzCjB1CC2TACR5leZlNc:aIUg7AGOKI7Wj6DCtCLCCMA+erC
Static task: static1
Behavioral task: behavioral1
- Sample: f47a77d7238fe78b69a9052c64eb5877509e3b38e647b73a297a129bdefe7e5a.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: f47a77d7238fe78b69a9052c64eb5877509e3b38e647b73a297a129bdefe7e5a.exe
- Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.ekolev.com.tr
- Port: 587
- Username: [email protected]
- Password: Ekol.1071
- Email To: [email protected]
Targets
- Target: f47a77d7238fe78b69a9052c64eb5877509e3b38e647b73a297a129bdefe7e5a
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext