General
-
Target
PujH3zZZ8CZ2PQh.iso.rar
-
Size
621KB
-
Sample
230216-s25jlsac87
-
MD5
d25f7e4b84fdf47d6d84304aeb807c91
-
SHA1
3584963b348953b4aa0ac281129749074cdf0668
-
SHA256
71c9ed2c4eed613b53dc4324dd037ef1356aa990ba3de509d46a3144c847545d
-
SHA512
468beed29635a291890524d646613fce1ae144edc0b19a053cd78cfbd60c1f682fb10d283260909b644b0167173682c70cd36cdffc91483fdf35beffdacffa4b
-
SSDEEP
12288:NIjxSYcsFUGpJcIdMSSRMA1xSAykfcQmRsYKpg2oB1b:Sjx/bcmMS8MA1xcRQmsZpU
Static task
static1
Behavioral task
behavioral1
Sample
PujH3zZZ8CZ2PQh.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
PujH3zZZ8CZ2PQh.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
192.3.193.136:2023
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Extracted
agenttesla
https://api.telegram.org/bot5171883538:AAEyFWuNh68SJNNpkDCQbviRgrklZA3K4Qs/
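The two extracted configs above give the network indicators an analyst actually hunts with: the AsyncRAT C2 socket (192.3.193.136:2023) and the Agent Tesla Telegram bot token. The script below is an added example, not part of the sandbox report and not code from either malware family: it matches those indicators against proxy/flow-style logs and emits Suricata rules. The log format and every log line are constructed for this script (the non-C2 destinations use documentation address ranges); only the C2 address and the Telegram bot URL come from the report.

```python
"""IOC triage against the indicators extracted above.

Added example, not part of the sandbox report or of the AsyncRAT/Agent Tesla
code. The log format and every log line below are constructed for this script;
only the C2 address and the Telegram bot URL come from the report.
"""
import re

# Indicators copied from the report.
ASYNCRAT_C2_HOST = "192.3.193.136"
ASYNCRAT_C2_PORT = 2023
AGENTTESLA_TELEGRAM_URL = (
    "https://api.telegram.org/bot5171883538:AAEyFWuNh68SJNNpkDCQbviRgrklZA3K4Qs/"
)

# Telegram Bot API calls carry the token in the path: /bot<numeric id>:<secret>/<method>.
# Matching the generic shape also catches Agent Tesla builds that use a different bot.
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot(\d{8,12}):([A-Za-z0-9_-]{30,40})")

# Constructed log format (assumption): <iso time> <src>:<port> -> <dst>:<port> <proto|method> [<url>]
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<what>\S+)(?: (?P<url>\S+))?$"
)

# Constructed sample log; 203.0.113.x and 198.51.100.x are documentation addresses.
SAMPLE_LOG = [
    "2023-02-16T10:01:12Z 10.0.0.15:51234 -> 203.0.113.10:443 GET https://www.example.com/",
    "2023-02-16T10:01:40Z 10.0.0.15:51240 -> 192.3.193.136:2023 TCP",
    "2023-02-16T10:02:05Z 10.0.0.15:51260 -> 198.51.100.7:443 POST "
    "https://api.telegram.org/bot5171883538:AAEyFWuNh68SJNNpkDCQbviRgrklZA3K4Qs/sendDocument",
    "2023-02-16T10:03:00Z 10.0.0.22:51300 -> 198.51.100.7:443 POST "
    "https://api.telegram.org/bot1234567890:AbCdEfGhIjKlMnOpQrStUvWxYz0123456789/sendMessage",
]


def telegram_token(url):
    """Return (bot_id, secret) when a URL carries a Telegram bot token, else None."""
    m = TELEGRAM_BOT_RE.search(url)
    return (m.group(1), m.group(2)) if m else None


SAMPLE_BOT_ID = telegram_token(AGENTTESLA_TELEGRAM_URL)[0]


def classify_line(line):
    """Return [(tag, detail), ...] for every indicator one log line matches."""
    m = LOG_LINE_RE.match(line.strip())
    if not m:
        return []
    hits = []
    if m["dst"] == ASYNCRAT_C2_HOST and int(m["dport"]) == ASYNCRAT_C2_PORT:
        hits.append(("asyncrat_c2", f"{m['src']} -> {m['dst']}:{m['dport']}"))
    tok = telegram_token(m["url"] or "")
    if tok:
        # The bot from this sample is a high-confidence match; any other bot token
        # leaving the estate is still worth a look because the family reuses the channel.
        tag = "agenttesla_telegram" if tok[0] == SAMPLE_BOT_ID else "telegram_bot_api"
        hits.append((tag, f"{m['src']} bot id {tok[0]}"))
    return hits


def scan_log(lines):
    """Return (line number, tag, detail) for every hit in a log."""
    return [(n, tag, detail)
            for n, line in enumerate(lines, 1)
            for tag, detail in classify_line(line)]


def suricata_rules(sid_base=9000000):
    """Emit Suricata rules for the report's network indicators.

    The C2 rule works on raw TCP. The Telegram rule keys on the HTTP URI, so it
    only fires where an inspecting proxy terminates TLS; without that, the best
    you get is tls.sni on api.telegram.org, which is far noisier.
    """
    c2 = (f'alert tcp $HOME_NET any -> {ASYNCRAT_C2_HOST} {ASYNCRAT_C2_PORT} '
          f'(msg:"AsyncRAT C2 {ASYNCRAT_C2_HOST}:{ASYNCRAT_C2_PORT}"; '
          f'flow:to_server; sid:{sid_base}; rev:1;)')
    tg = (f'alert http $HOME_NET any -> any any '
          f'(msg:"Agent Tesla Telegram bot {SAMPLE_BOT_ID} exfil"; flow:to_server; '
          f'http.uri; content:"/bot{SAMPLE_BOT_ID}:"; sid:{sid_base + 1}; rev:1;)')
    return [c2, tg]


if __name__ == "__main__":
    for n, tag, detail in scan_log(SAMPLE_LOG):
        print(f"line {n}: {tag}: {detail}")
    print("\n".join(suricata_rules()))
```

The C2 match is exact on address and port because the config gives both; the Telegram check is deliberately two-tiered, since the bot id in this sample is only one of many Agent Tesla operators use, and the bot token itself is the operator's credential, so a hit on the exact id is also what you would pass to Telegram for takedown.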
Targets
-
Target
PujH3zZZ8CZ2PQh.exe
-
Size
690KB
-
MD5
ff03d21030f0ceec34b64a1354e12eca
-
SHA1
d4fd57bf4a367e0c3c7c12d1bf5d2fa24cfb4050
-
SHA256
f77b10f6ec51ae7c41bbf862324e2ec41527f2ddda49b85765ea45919480832e
-
SHA512
0c2a0c81aee2277a56d161c970d51e21bdf507bebbe6f85ffaaacc456765dba6c31a328bb014f3493d569c4e62f38ffa01972b5d88ffddf4b3e8b26bab61df2f
-
SSDEEP
12288:Gh6q6EM7YC0ND571Vd8Sd9GNx1l3V8HzLUExWB:GYXpQ57jfaxPleoB
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it harvests credentials and keystrokes and, as the extracted config shows, this build exfiltrates them through the Telegram Bot API.
-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Neshta is a file infector: it inserts its own code into other executables on the system so that every infected program re-launches the infector, and (see the file-type association finding above) it hijacks the .exe file-type association so that it also runs whenever any executable is opened.
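The two Neshta findings (the file-type association change and the infector itself) leave one persistent, easy-to-audit artifact: the default value of HKEY_CLASSES_ROOT\exefile\shell\open\command, which on a clean Windows host is exactly "%1" %*. The script below is an added example, not code from the report or from Neshta. It parses a .reg export offline so it runs anywhere; both exports are constructed, and the hijack path C:\Windows\infector.com is a placeholder for illustration, not an artifact recovered from this sample. On a live host the same value is read with the winreg module.

```python
"""Audit the .exe file-type association that a file infector hijacks.

Added example, not code from the report or from Neshta. Both .reg exports below
are constructed; C:\\Windows\\infector.com is a placeholder, not an artifact
taken from this sample.
"""
import re

EXE_COMMAND_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
EXPECTED_EXE_COMMAND = '"%1" %*'  # Windows default: run the file itself with its arguments

CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Hijacked shape: an extra program is prepended, so it runs first and then launches "%1".
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\infector.com \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

# One .reg value line: @="..." for the default value or "name"="..." for a named REG_SZ.
_VALUE_RE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<data>(?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # .reg escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Minimal .reg parser: {key: {value name: string data}} for REG_SZ values ("" = default)."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group("name"))
            result[current][name] = _unescape(m.group("data"))
    return result


def check_exe_association(reg_text):
    """Return (ok, command). ok is True only when exefile's open command is the Windows default."""
    command = parse_reg(reg_text).get(EXE_COMMAND_KEY, {}).get("")
    return command == EXPECTED_EXE_COMMAND, command


def hijacking_program(command):
    """Program inserted ahead of "%1", i.e. what really runs on every .exe launch (None if clean)."""
    if command is None or command == EXPECTED_EXE_COMMAND:
        return None
    idx = command.find('"%1"')
    return command[:idx].strip() if idx > 0 else command


if __name__ == "__main__":
    for label, reg in (("clean", CLEAN_REG), ("hijacked", HIJACKED_REG)):
        ok, cmd = check_exe_association(reg)
        print(f"{label}: ok={ok} command={cmd!r} hijacker={hijacking_program(cmd)!r}")
```

The check is strict on purpose: anything other than the exact default, including a missing value, is reported as not ok, because a per-user override under HKEY_CURRENT_USER\Software\Classes or a missing key are both states a responder wants to look at rather than silently pass. Remediation is restoring the default value and then removing the program hijacking_program() names, in that order, since deleting the infector first leaves every .exe unopenable.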
-
Async RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence check so the payload can refuse to run in certain regions.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
Rewriting another thread's context is the classic last step of process hollowing (RunPE): a process is started suspended, its image is replaced with the payload, and the entry point is redirected to it before the thread resumes.
-