General
-
Target
zamówienie Z2300056_pdf .exe
-
Size
16KB
-
Sample
230214-w12ccaef4v
-
MD5
ce64f7cef876c36aa4cbced9f2a479ad
-
SHA1
23757c26d95a52e6ce8b391e4ba0f24787042d01
-
SHA256
a9ad1c8db51f9e20280bab4947b9d9b47572e7c634cca0e2b121f3e7966a976d
-
SHA512
48080167e57b97f776c2f0d4676e3800216a38fd9bef8646b38c8b0df81980706f193b7224a6a01acf8f4e72385b0cce4d1c2add8e4dbd39bbd7f72218717913
-
SSDEEP
192:2fH1PkDL5mE2QYVaog6ktDOp+4Fm97R4JO:cH1PkDL5meO6tDcPkK
Malware Config
Extracted
purecrypter
http://45.84.1.117/3477/Wgmpt.dll
Extracted
agenttesla
https://api.telegram.org/bot5846767138:AAHbrIUF1epdWlFQ2_64LCd8vdF121y1XGE/
Targets
-
-
Target
zamówienie Z2300056_pdf .exe
-
Size
16KB
-
MD5
ce64f7cef876c36aa4cbced9f2a479ad
-
SHA1
23757c26d95a52e6ce8b391e4ba0f24787042d01
-
SHA256
a9ad1c8db51f9e20280bab4947b9d9b47572e7c634cca0e2b121f3e7966a976d
-
SHA512
48080167e57b97f776c2f0d4676e3800216a38fd9bef8646b38c8b0df81980706f193b7224a6a01acf8f4e72385b0cce4d1c2add8e4dbd39bbd7f72218717913
-
SSDEEP
192:2fH1PkDL5mE2QYVaog6ktDOp+4Fm97R4JO:cH1PkDL5meO6tDcPkK
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-