General
-
Target
18d5927d197f41af4d9b16621b0515a6
-
Size
172KB
-
Sample
220630-vnrfyafbd9
-
MD5
18d5927d197f41af4d9b16621b0515a6
-
SHA1
d2f4345de440d781b22f3ecf5b922783b4264bdd
-
SHA256
613113ce85195ad4ee1d48d212424be5719d697429f2cfe422752e056d2236c0
-
SHA512
60dde5e043e91469135829aa1590d7e505644fa22a675a205e5cc40e507b27b06e6fcfcc418b72fc8752a788ce51fd8ee3919fa4534ae94bf889db948b50e24b
Static task
static1
Behavioral task
behavioral1
Sample
18d5927d197f41af4d9b16621b0515a6.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
18d5927d197f41af4d9b16621b0515a6.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
http://136.144.41.76/bray/inc/a4a9ffb236214a.php
Extracted
asyncrat
0.5.7B
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:1111
62.197.136.167:6606
62.197.136.167:7707
62.197.136.167:8808
62.197.136.167:1111
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
suricata: ET MALWARE AgentTesla Communicating with CnC Server
-
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-