General
- Target: 8ea20141506c36d1d8f5aec2f826d82b486b4be876cd10e12cdca552fbf12cfb
- Size: 851KB
- Sample: 240619-cvgk7ssbra
- MD5: 763d39aad3e9baca6aa4c21e243d4b9f
- SHA1: 1b649eb42acd2d32337efd48649b17e235841221
- SHA256: 8ea20141506c36d1d8f5aec2f826d82b486b4be876cd10e12cdca552fbf12cfb
- SHA512: c82b6fd17d5efcbda1b1ce70910d697f01edb811297ad06f2f661f5f4fbe735dc466a0d5ffb3f8c2013a41376272f8aaa2ee45de5c5f0cdc90a38e39484ecb97
- SSDEEP: 24576:PMYenXN5iI1vJ28mHFQVceE3txhL4XS0G:PMYeXN5i6vATHOVq3txt4XS
Static task: static1
Behavioral task: behavioral1
- Sample: 8ea20141506c36d1d8f5aec2f826d82b486b4be876cd10e12cdca552fbf12cfb.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 8ea20141506c36d1d8f5aec2f826d82b486b4be876cd10e12cdca552fbf12cfb.exe
- Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.iclalreklam.com
- Port: 587
- Username: [email protected]
- Password: 09042017ela
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.iclalreklam.com
- Port: 587
- Username: [email protected]
- Password: 09042017ela
Targets
- Target: 8ea20141506c36d1d8f5aec2f826d82b486b4be876cd10e12cdca552fbf12cfb
- Size: 851KB
- MD5: 763d39aad3e9baca6aa4c21e243d4b9f
- SHA1: 1b649eb42acd2d32337efd48649b17e235841221
- SHA256: 8ea20141506c36d1d8f5aec2f826d82b486b4be876cd10e12cdca552fbf12cfb
- SHA512: c82b6fd17d5efcbda1b1ce70910d697f01edb811297ad06f2f661f5f4fbe735dc466a0d5ffb3f8c2013a41376272f8aaa2ee45de5c5f0cdc90a38e39484ecb97
- SSDEEP: 24576:PMYenXN5iI1vJ28mHFQVceE3txhL4XS0G:PMYeXN5i6vATHOVq3txt4XS
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext