Overview

Static
  0d9e5116c1...e1.exe  windows7-x64
  0d9e5116c1...e1.exe  windows10-2004-x64
  203dd97848...a7.exe  windows7-x64
  203dd97848...a7.exe  windows10-2004-x64
  5d2a9e82b6...8f.exe  windows7-x64
  5d2a9e82b6...8f.exe  windows10-2004-x64
  686e84d074...4d.exe  windows7-x64
  686e84d074...4d.exe  windows10-2004-x64
  ae30d28b17...a3.exe  windows7-x64
  ae30d28b17...a3.exe  windows10-2004-x64
General
  Target: samples.zip
  Size: 670KB
  Sample: 221129-gkq44sef8w
  MD5: 59e4d70fa46fc9ab83baef40caff18e7
  SHA1: fc2e2b0bc5e63ef860a51edb360995c8f51e5f10
  SHA256: 278837977440d7f70135fa867391e3018fc871e3bfa50e22549db5acc6240afa
  SHA512: 2e5ab6240ca137357c020033c6517e38fe1f553f66f3bca11b2e3dfd4ba9719242eb8eb9017ec45eac83a8417886ce3c04118f04b1cd310f01ffff5e21e9c35a
  SSDEEP: 12288:uJCf+xlV0SWDTvyewOmMKfP13Lucpjz5/lG6cqZ1921LC6SFPkux+KRv2qYifE:Y+Ke6BLlQEmePPdOqYic
Behavioral tasks
  behavioral1   0d9e5116c1da200fa3a55c84ca2195eb7bbbd1e1.exe  win7-20220812-en
  behavioral2   0d9e5116c1da200fa3a55c84ca2195eb7bbbd1e1.exe  win10v2004-20220812-en
  behavioral3   203dd97848f29e54a66e575ae670288e8fd4a5a7.exe  win7-20220812-en
  behavioral4   203dd97848f29e54a66e575ae670288e8fd4a5a7.exe  win10v2004-20220812-en
  behavioral5   5d2a9e82b6098813fa230152de286f7712b5608f.exe  win7-20220812-en
  behavioral6   5d2a9e82b6098813fa230152de286f7712b5608f.exe  win10v2004-20220812-en
  behavioral7   686e84d074c115785122ad304357729b28b4a54d.exe  win7-20220812-en
  behavioral8   686e84d074c115785122ad304357729b28b4a54d.exe  win10v2004-20220901-en
  behavioral9   ae30d28b17fbce8e55203ad863c40bab8fe802a3.exe  win7-20220812-en
  behavioral10  ae30d28b17fbce8e55203ad863c40bab8fe802a3.exe  win10v2004-20220812-en
Malware Config
  Extracted
    Protocol: smtp
    Host: smtp.yandex.com
    Port: 587
    Username: magic4magic@yandex.com
    Password: magic123
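The extracted SMTP config, together with the Run-key persistence and external-IP-lookup indicators listed for the AgentTesla target below, maps onto endpoint telemetry a defender can correlate per process. The following is an added detection example, not part of this report or of any sandbox product: it runs over constructed Sysmon-style events whose field layout is a simplification (assumption), and both the IP-lookup host list and the mail-client allowlist are assumptions, since the report names neither.

```python
"""Flag processes that chain the behaviours this report lists for the AgentTesla
sample: Run-key persistence, an external-IP lookup, and SMTP egress like the
extracted config. Added example over constructed Sysmon-style events; not part
of the sandbox report, and the event field layout is an assumption.
"""
import re
from collections import defaultdict

# Registry paths that auto-start a value at logon (HKCU/HKLM/HKU Run and RunOnce).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE
)
# The report only says "a legitimate IP lookup service"; these hosts are an assumption.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}
# SMTP relay/submission ports; the extracted config uses 587 on smtp.yandex.com.
SMTP_PORTS = {25, 465, 587}
# Images that legitimately speak SMTP (assumption); anything else doing so is suspect.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed events mimicking Sysmon EventID 13 (registry value set),
# 22 (DNS query) and 3 (network connection). PIDs and paths are made up.
SAMPLE_EVENTS = [
    {"EventID": 13, "ProcessId": 4120, "Image": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost"},
    {"EventID": 22, "ProcessId": 4120, "Image": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "QueryName": "api.ipify.org"},
    {"EventID": 3, "ProcessId": 4120, "Image": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "DestinationHostname": "smtp.yandex.com", "DestinationPort": 587},
    {"EventID": 3, "ProcessId": 2201,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 13, "ProcessId": 3010, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App\DisplayName"},
]


def classify(ev):
    """Map one event to the behaviour it evidences, or None if it is not interesting."""
    eid = ev.get("EventID")
    image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
    if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return "run_key_persistence"
    if eid == 22 and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    if eid == 3 and int(ev.get("DestinationPort", 0)) in SMTP_PORTS and image not in MAIL_CLIENTS:
        return "smtp_egress_from_non_mail_client"
    return None


def behaviours_by_process(events):
    """Group behaviour tags per (ProcessId, Image) so unrelated processes are not conflated."""
    seen = defaultdict(set)
    for ev in events:
        tag = classify(ev)
        if tag:
            seen[(ev["ProcessId"], ev.get("Image", ""))].add(tag)
    return seen


def flag_suspects(events, min_behaviours=2):
    """Return [(pid, image, sorted tags)] for processes showing at least min_behaviours
    distinct behaviours. Requiring two keeps a lone Run-key write (installers do that)
    or a lone SMTP connection from alerting on its own."""
    out = []
    for (pid, image), tags in behaviours_by_process(events).items():
        if len(tags) >= min_behaviours:
            out.append((pid, image, sorted(tags)))
    return sorted(out)


if __name__ == "__main__":
    for pid, image, tags in flag_suspects(SAMPLE_EVENTS):
        print(f"{pid} {image}: {', '.join(tags)}")
```

The "Accesses Microsoft Outlook profiles" indicator is deliberately absent: Sysmon records registry create, set, delete and rename (EventID 12/13/14), not reads, so that behaviour needs an EDR with registry-read telemetry or the sandbox itself. The per-process grouping matters because a host running Outlook will legitimately produce the SMTP event; only the process that also writes a Run key and queries an IP-lookup host crosses the threshold.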
Targets

Target: 0d9e5116c1da200fa3a55c84ca2195eb7bbbd1e1
  Size: 334KB
  MD5: 584b853e5f597883fb56cc5e879d8a3d
  SHA1: 0d9e5116c1da200fa3a55c84ca2195eb7bbbd1e1
  SHA256: a73fd985f5f38ff58dc3112bc46d7e81190bad5567220cf46efe5608c4e307f0
  SHA512: 88b7f8c6fb7f9a19bbb9eb818cdbc51a3e95c25ba890eaf95576a3a9dd81ab7fbce5ef5bced6dbe16ff731e70c157f17276681fcd00205d280d1ec12bd6eea55
  SSDEEP: 6144:UmdOCKkkGBQOItDWaCjsjj9TB91goSjUOp0NMzh3HnzLkYvsbB:rdvkGBjADt8LtV8kn
  Family: AgentTesla
    Agent Tesla is a .NET-based information stealer and remote access tool (RAT), usually compiled from VB.NET or C#. It harvests saved credentials from browsers, mail clients and other applications and exfiltrates them over SMTP, FTP or HTTP; the SMTP account under Malware Config above is an exfiltration endpoint of that kind.
  Indicators:
    - Accesses Microsoft Outlook profiles
    - Adds Run key to start application
    - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: 203dd97848f29e54a66e575ae670288e8fd4a5a7
  Size: 14KB
  MD5: 4ff69b632636d5873a72d8b9e5f49363
  SHA1: 203dd97848f29e54a66e575ae670288e8fd4a5a7
  SHA256: 91f3be1a3664e2df90205b238a162b2686039597796066598bb9c0fe6b42fc8d
  SHA512: a47e196f33c6cd2d6fe1a770b6dee4988229cb9662d87783c726a25b948f47907ff0aa6c91dbd6c36f3a3c747396603c3f9f96606b4ac4607c11a1516833122e
  SSDEEP: 384:o7my13Huv7D6H28j7A4qtCtSrvyhkghaSH94Fwuxd:6z3ujD6H28qCtQSH9Ad
  Score: 6/10
  Indicators:
    - Adds Run key to start application
Target: 5d2a9e82b6098813fa230152de286f7712b5608f
  Size: 333KB
  MD5: c1dfee07e576cc6c114bbe662788fe3a
  SHA1: 5d2a9e82b6098813fa230152de286f7712b5608f
  SHA256: 97dd39be1fa39f6c492968185bca20892db1d22b3b04ee8241d59da511bcfa28
  SHA512: da947d5aac7a02b2731ed484941ce584d6002e27ebccfa51e37fddb2aa90351a2aaac9d86af4c53f4c28a77350e360bf6d025f589eabe3c06b49ef96361067ec
  SSDEEP: 6144:BFhd/LDhzE9ztQYkYk/DOSJ22QGw4c3SGg6eYvqbW:5d/HG0YNSJ22mL7
  Score: 7/10
  Indicators:
    - Accesses Microsoft Outlook profiles
Target: 686e84d074c115785122ad304357729b28b4a54d
  Size: 452KB
  MD5: a577f13733cb61a74f72b2c79a46e6cd
  SHA1: 686e84d074c115785122ad304357729b28b4a54d
  SHA256: 7316ca7e61a4a4e0c31aa87ee8ab68208befd090934f5d60e8932e6f2d73ea18
  SHA512: 1f116acabad277bad0e54b5069d0e4a53ab67d10909651d7db114f36af7b949d7dd072228033ff3df9ecdb8d83ade0392a9d3f0d0cd4dc94fbdfd1489ce5c233
  SSDEEP: 6144:qigNTXNVL4S6IFhd/LDhzE9ztQYkYk/DOSJ22QGw4c3SGg6eYvqbW:JgNT7Oid/HG0YNSJ22mL7
  Score: 1/10
  Indicators: none reported
Target: ae30d28b17fbce8e55203ad863c40bab8fe802a3
  Size: 14KB
  MD5: 1ac8b9de402661ccd077fd4a8a0ce04e
  SHA1: ae30d28b17fbce8e55203ad863c40bab8fe802a3
  SHA256: 5b97d70b1c2057207234a32f59e60e341b61204f215b63d9d849d11f6d186e55
  SHA512: 1845745b17c47c7f8e5349a12cd7cd99cf70e558ebec0addc7a298fe9aac4f5528c2c848b5aa63f0fef4d0bef4d7d90600ee1b112e95d8b0b88b6716f468b40c
  SSDEEP: 384:Y+Um+OJbooSE325j7V81cwLCza/0ejFkXha1H94l5Z1V:FkOJbPSw25NGCza/08j1H9qZz
  Score: 6/10
  Indicators:
    - Adds Run key to start application
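To turn the digests above into a hunt rather than a lookup, here is an added example (not part of this report or of any sandbox product) that hashes every file under a directory tree once for MD5, SHA1, SHA256 and SHA512 and matches the results against the report's values. PAGE_SHA256 and PAGE_MD5 are copied from the target blocks above; the demo directory and the files it writes are constructed and are not real samples.

```python
"""Hunt a directory tree for the file hashes published in this report.

Added example, not part of the sandbox report. The digest tables are copied
from the report; demo() writes constructed files, not real samples.
"""
import hashlib
import io
import tempfile
from pathlib import Path

# SHA256 -> label, copied from the report (the archive plus each target).
PAGE_SHA256 = {
    "278837977440d7f70135fa867391e3018fc871e3bfa50e22549db5acc6240afa": "samples.zip",
    "a73fd985f5f38ff58dc3112bc46d7e81190bad5567220cf46efe5608c4e307f0": "0d9e5116c1da200fa3a55c84ca2195eb7bbbd1e1 (AgentTesla)",
    "91f3be1a3664e2df90205b238a162b2686039597796066598bb9c0fe6b42fc8d": "203dd97848f29e54a66e575ae670288e8fd4a5a7",
    "97dd39be1fa39f6c492968185bca20892db1d22b3b04ee8241d59da511bcfa28": "5d2a9e82b6098813fa230152de286f7712b5608f",
    "7316ca7e61a4a4e0c31aa87ee8ab68208befd090934f5d60e8932e6f2d73ea18": "686e84d074c115785122ad304357729b28b4a54d",
    "5b97d70b1c2057207234a32f59e60e341b61204f215b63d9d849d11f6d186e55": "ae30d28b17fbce8e55203ad863c40bab8fe802a3",
}
# MD5 -> label for feeds that still key on MD5 (copied from the report).
PAGE_MD5 = {
    "584b853e5f597883fb56cc5e879d8a3d": "0d9e5116c1da200fa3a55c84ca2195eb7bbbd1e1 (AgentTesla)",
    "4ff69b632636d5873a72d8b9e5f49363": "203dd97848f29e54a66e575ae670288e8fd4a5a7",
    "c1dfee07e576cc6c114bbe662788fe3a": "5d2a9e82b6098813fa230152de286f7712b5608f",
    "a577f13733cb61a74f72b2c79a46e6cd": "686e84d074c115785122ad304357729b28b4a54d",
    "1ac8b9de402661ccd077fd4a8a0ce04e": "ae30d28b17fbce8e55203ad863c40bab8fe802a3",
}
PAGE_IOCS = {"sha256": PAGE_SHA256, "md5": PAGE_MD5}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(fobj, chunk_size=1 << 20):
    """Read fobj once and return {algo: hexdigest} for every algorithm in ALGOS."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for block in iter(lambda: fobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digest an in-memory buffer (handy for carved or unpacked payloads)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as f:
        return hash_stream(f)


def scan_tree(root, iocs=PAGE_IOCS):
    """Return [(path, algo, label)] for files under root whose digest appears in iocs.

    Symlinks are skipped (a planted link could point the sweep at a device file) and
    unreadable files are ignored so a sweep over a live host does not abort on the
    first locked file.
    """
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            digests = hash_file(path)
        except OSError:
            continue
        for algo, table in iocs.items():
            label = table.get(digests[algo])
            if label:
                hits.append((str(path), algo, label))
    return hits


def demo():
    """Scan a constructed temp tree: one file added to the IOC set, one benign file."""
    with tempfile.TemporaryDirectory() as tmp:
        planted = Path(tmp) / "AppData" / "Roaming" / "svchost.exe"
        planted.parent.mkdir(parents=True)
        planted.write_bytes(b"MZ" + b"constructed sample, not real malware\n" * 64)
        (Path(tmp) / "notes.txt").write_bytes(b"nothing to see here\n")
        iocs = {"sha256": dict(PAGE_SHA256, **{hash_file(planted)["sha256"]: "constructed-sample"}),
                "md5": PAGE_MD5}
        return [(Path(p).name, algo, label) for p, algo, label in scan_tree(tmp, iocs)]


if __name__ == "__main__":
    for name, algo, label in demo():
        print(f"{name}: {algo} matches {label}")
```

Exact digests only catch byte-identical files; for variants you want the SSDEEP values, which need the ssdeep package and are not computed here. They are still worth reading by eye: the SSDEEP strings above for 5d2a9e82b6098813fa230152de286f7712b5608f (333KB, score 7/10) and 686e84d074c115785122ad304357729b28b4a54d (452KB, score 1/10) share their entire tail, which is what you see when the larger file is the smaller one with extra data prepended, so the 1/10 score on the larger file deserves a second look rather than a pass.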