General
- Target: SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
- Size: 1015KB
- Sample: 221202-g8cxdsef5x
- MD5: 17a3633b6f0ddc4b4429163f3469fa81
- SHA1: 5accb3182865a75312a64e87431278f1072b81ca
- SHA256: be6eddee7716fd87a1ff8c8b407bc3895b6acb165ecbaec087f1ebc4914d438c
- SHA512: 83afc20ba452faccfc1dd7620286e8bcee36ca80d24e4d8613947c2499f5bc0f9e4500b720aa299365c0fdcf4a482a693ad7bc98aad60c6c87183a659fc52a11
- SSDEEP: 12288:MwmIyhLfp/sVfdcYjBpxInkHKnnM4gngscPUYZYq0FCblKqQjL9QzX7BIBi8pV4c:9mBhS7uIKnMTXJu6UxKLjJQ5B8pnzTx
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
- Resource: win10v2004-20220812-en
Malware Config
- Extracted family: agenttesla
- C2 (Telegram Bot API endpoint): https://api.telegram.org/bot5676971476:AAFdGsXW8kwzXNIluAGV-a4sJ2XBy68O9WI/
Targets
- Target: SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
- Size: 1015KB
- MD5: 17a3633b6f0ddc4b4429163f3469fa81
- SHA1: 5accb3182865a75312a64e87431278f1072b81ca
- SHA256: be6eddee7716fd87a1ff8c8b407bc3895b6acb165ecbaec087f1ebc4914d438c
- SHA512: 83afc20ba452faccfc1dd7620286e8bcee36ca80d24e4d8613947c2499f5bc0f9e4500b720aa299365c0fdcf4a482a693ad7bc98aad60c6c87183a659fc52a11
- SSDEEP: 12288:MwmIyhLfp/sVfdcYjBpxInkHKnnM4gngscPUYZYq0FCblKqQjL9QzX7BIBi8pV4c:9mBhS7uIKnMTXJu6UxKLjJQ5B8pnzTx
- AgentTesla: Agent Tesla is a .NET (VB.NET) remote access tool (RAT) and credential stealer. The extracted config shows this sample exfiltrates through the Telegram Bot API; the bot token in the C2 URL is a live credential for the operator's bot, so treat the numeric bot id as the shareable indicator and handle the secret half of the token accordingly.
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or only skips) in certain regions.
- Accesses Microsoft Outlook profiles: reads Outlook profile data from the registry, where stored mail account credentials are harvested.
- Adds Run key to start application: persistence through a CurrentVersion\Run registry value so the sample relaunches at logon.
- Suspicious use of SetThreadContext: a thread context rewrite on another process is characteristic of process hollowing/RunPE-style injection, where the crypter starts a suspended process and redirects its entry point to the unpacked payload.
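The Telegram C2 listed in the extracted config is the most actionable artifact on this page: the numeric bot id is a stable indicator for this campaign, while any client pushing documents to a Telegram bot is worth a look on its own. The following is an added example (not part of the sandbox report and not the malware's code) that splits the extracted bot URL into id and secret, redacts the secret for sharing, and runs both an exact and a generic match over a few constructed proxy log lines. The log format (timestamp, client IP, HTTP method, URL, status) and the second bot id are assumptions made for the demo.

```python
import re
from urllib.parse import urlparse

# C2 URL exactly as extracted from this sample's AgentTesla config (from the report above).
EXTRACTED_C2 = "https://api.telegram.org/bot5676971476:AAFdGsXW8kwzXNIluAGV-a4sJ2XBy68O9WI/"

# Telegram Bot API path shape: /bot<numeric id>:<secret>[/<method>]
_BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)(?:/(?P<method>\w+))?/?$"
)


def parse_telegram_c2(url):
    """Return {'bot_id', 'secret', 'method'} for a Telegram Bot API URL, else None."""
    u = urlparse(url)
    m = _BOT_PATH_RE.match(u.path)
    if u.hostname != "api.telegram.org" or m is None:
        return None
    return {"bot_id": m["bot_id"], "secret": m["secret"], "method": m["method"]}


def redact_token(url):
    """Keep the numeric bot id (safe to share as an IOC) but strip the secret half of the token."""
    return re.sub(r"(/bot\d+:)[A-Za-z0-9_-]+", r"\1<redacted>", url)


# Constructed proxy log lines for the demo (not from the sandbox run).
# Format assumed here: <timestamp> <client ip> <http method> <url> <status>
SAMPLE_PROXY_LOG = """\
2022-12-02T10:15:01Z 10.0.0.21 POST https://api.telegram.org/bot5676971476:AAFdGsXW8kwzXNIluAGV-a4sJ2XBy68O9WI/sendDocument 200
2022-12-02T10:15:07Z 10.0.0.21 GET https://www.microsoft.com/ 200
2022-12-02T10:16:44Z 10.0.0.35 POST https://api.telegram.org/bot123456789:AAEexampleexampleexampleexamplex/sendMessage 200
2022-12-02T10:17:02Z 10.0.0.40 GET https://telegram.org/ 200
"""

# Bot API methods a stealer uses to push harvested data to its operator.
EXFIL_METHODS = {"sendDocument", "sendMessage"}


def hunt_proxy_log(log_text, known_bot_id):
    """Flag Telegram Bot API traffic in proxy logs.

    'exact'   = the bot id matches the one extracted from this sample
    'generic' = some other bot is being fed data via an exfil-style method
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, _http_method, url, _status = fields[:5]
        info = parse_telegram_c2(url)
        if info is None:
            continue
        if info["bot_id"] == known_bot_id:
            level = "exact"
        elif info["method"] in EXFIL_METHODS:
            level = "generic"
        else:
            continue
        hits.append({"ts": ts, "client": client, "level": level,
                     "bot_id": info["bot_id"], "url": redact_token(url)})
    return hits


if __name__ == "__main__":
    c2 = parse_telegram_c2(EXTRACTED_C2)
    print("extracted bot id:", c2["bot_id"], "->", redact_token(EXTRACTED_C2))
    for hit in hunt_proxy_log(SAMPLE_PROXY_LOG, c2["bot_id"]):
        print(hit["level"], hit["ts"], hit["client"], hit["url"])
```

The exact match is high fidelity and should page someone; the generic match is a hunting lead, since Telegram bots are used legitimately in many environments and need a look at the originating process before escalation. Blocking api.telegram.org at the proxy for hosts that have no business reason to reach it cuts off this exfil path regardless of the bot id.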