General
-
Target
zamówienie.img
-
Size
78KB
-
Sample
230214-nqkmvacd5y
-
MD5
b40e72f52bdfae03646792535fee83d0
-
SHA1
5d8e32e477d74249d64a1bf0d2891602885cd09c
-
SHA256
2f55dbe8f4d63f160bb03799fe4d97ede37cb3312579464baf596769e875be23
-
SHA512
4da551d15f723a0f4759a4eb2536f2dcc026f48efb0aab86bf24414a7442197657253d257d656f28633d9b87ab0d1afdf18c90476fce3067160f2574c894a3f7
-
SSDEEP
192:NbpoR61BG51zAfH1PkDL5mE2QYVaog6ktDOp+4Fm97R4JO:Nbp+63G5xCH1PkDL5meO6tDcPkK
Malware Config
Extracted
purecrypter
http://45.84.1.117/3477/Wgmpt.dll
Extracted
agenttesla
https://api.telegram.org/bot5846767138:AAHbrIUF1epdWlFQ2_64LCd8vdF121y1XGE/
Targets
-
-
Target
zamówienie Z2300056_pdf .exe
-
Size
16KB
-
MD5
ce64f7cef876c36aa4cbced9f2a479ad
-
SHA1
23757c26d95a52e6ce8b391e4ba0f24787042d01
-
SHA256
a9ad1c8db51f9e20280bab4947b9d9b47572e7c634cca0e2b121f3e7966a976d
-
SHA512
48080167e57b97f776c2f0d4676e3800216a38fd9bef8646b38c8b0df81980706f193b7224a6a01acf8f4e72385b0cce4d1c2add8e4dbd39bbd7f72218717913
-
SSDEEP
192:2fH1PkDL5mE2QYVaog6ktDOp+4Fm97R4JO:cH1PkDL5meO6tDcPkK
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-