General
- Target: SecuriteInfo.com.Win32.CrypterX-gen.24912.15475.exe
- Size: 1.1MB
- Sample: 221129-llgdhsag6s
- MD5: 73cdbb95bdd4e96ea1375049f278c98c
- SHA1: 4e14d3a9b22dbd243069c4aacb93b0f6b53bc4e7
- SHA256: f7318ba2fa1309d96755c3f7614b24f8ff05c3d14491f9becfab3b58f2be00d0
- SHA512: 56986c7722cc1619b2374c4a64ac33a0a59048f2c1785899c528c6b4d7a5074f6fcf79d2ba33db1f6d733d2256b94b9e3eeff24470848bb15333343e5cdb9ec6
- SSDEEP: 24576:pxjtt7yHJWRcvr7v6IZf3rDdEPfu86IHlFfA:ppttOp9iPWmFNA
- Static task: static1
- Behavioral task: behavioral1 (sample: SecuriteInfo.com.Win32.CrypterX-gen.24912.15475.exe, resource: win7-20221111-en)
- Behavioral task: behavioral2 (sample: SecuriteInfo.com.Win32.CrypterX-gen.24912.15475.exe, resource: win10v2004-20221111-en)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.eurekapools.com.my
- Port: 587
- Username: account@eurekapools.com.my
- Password: %Ach8899@!an
Targets
- Target: SecuriteInfo.com.Win32.CrypterX-gen.24912.15475.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext