General
Target: Komercijalna.exe
Size: 75KB
Sample: 220701-qvba3sfhd6
MD5: a345151fb544be3e1df9f07be51063e1
SHA1: 0d0e194f720298af42a04628290704eb53bf6e96
SHA256: d37759d28521bfeb8b4f5de10692edb29c3bbf6a377e8f16aa9309cf5a978571
SHA512: 0a32c56b637df341761599a27b167e562a5d288136bb964b9298b1dbf3a7147fec59b1509820d96603d6b232a1a442ef6639961e32825cf2ed7d71f0b25792b3
Static task: static1
Behavioral task: behavioral1
  Sample: Komercijalna.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Komercijalna.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.barqaab.com
  Port: 587
  Username: info@barqaab.com
  Password: Great@999@
Extracted
  Family: asyncrat
  Version: 0.5.7B
  Botnet: Default
  C2:
    127.0.0.1:6606
    127.0.0.1:7707
    127.0.0.1:8808
    127.0.0.1:9128
    127.0.0.1:9121
    23.105.131.196:6606
    23.105.131.196:7707
    23.105.131.196:8808
    23.105.131.196:9128
    23.105.131.196:9121
  Mutex: AsyncMutex_6SI8OkPnk
  delay: 3
  install: false
  install_folder: %AppData%
Extracted
  Family: agenttesla
  Protocol: smtp
  Host: mail.barqaab.com
  Port: 587
  Username: info@barqaab.com
  Password: Great@999@
  Email To: contacto@filtrosdys.com
Targets
Target: Komercijalna.exe
Size: 75KB (MD5, SHA1, SHA256 and SHA512 as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext