General
Target: SecuriteInfo.com.Win32.DropperX-gen.15338.exe
Size: 240KB
Sample: 221003-kcemwsgefp
MD5: 1577b0f5557db2eebfaa8eff445e7910
SHA1: faf3f2e94a6699321433d67c4674a3f1d0840604
SHA256: b8df5dd15d2bb8b3201cd4d3de86f6e8f0458a1fcc1939788ba38b99e7a219dc
SHA512: 37c847d8ba0360a525d1930a8c2fe5e6c9fb2dac475cc633b2628aec3aa602a7585862c2f6c864e34c040108d05af14ca73b7c4768497e8e088c44588adee480
SSDEEP: 768:ZJ0mVZIsf6VsB9VDgiX93JpjfxZ7QuaAL4CQANObhT0zReFD8K5M69m7zooCqWET:ZDZIW6aBjUiv
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.DropperX-gen.15338.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.DropperX-gen.15338.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5573324852:AAHIZ4Q-DwFDzqPmvNO-b6oPMlnlWj8EfMY/sendDocument
Targets
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext