General
-
Target
7f9a558c286182185482a0406820c176.exe
-
Size
88KB
-
Sample
230331-natwksag8t
-
MD5
7f9a558c286182185482a0406820c176
-
SHA1
cf775bb563c0329d9eb9cdbb0ac7768a107ae3bd
-
SHA256
5df3a5073fc1a14936a0227e2674ecdc580c804e117463a40b417a54334e04cc
-
SHA512
8a81d9a5d461e065be9c079ff0df63c87bd2d8d4c2d9d38c14de2968ec9fbe6187697601ee7fed55669e2c2d840a7656fcd68fd1bfcbc1eb33a3581597ac014e
-
SSDEEP
1536:nM7ZZ5X8Aq/pXM+C+tapLO4il11LRt9N7A:Mt/X8Aq/pXM+C+twLOjft9N7A
Malware Config
Extracted
purecrypter
http://192.3.215.60/uo7/Zkbscbhcbcv.png
Extracted
agenttesla
Protocol: smtp- Host:
smtp.tecnowares.com - Port:
587 - Username:
[email protected] - Password:
pY$WNuY3@@wed - Email To:
[email protected]
Targets
-
-
Target
7f9a558c286182185482a0406820c176.exe
-
Size
88KB
-
MD5
7f9a558c286182185482a0406820c176
-
SHA1
cf775bb563c0329d9eb9cdbb0ac7768a107ae3bd
-
SHA256
5df3a5073fc1a14936a0227e2674ecdc580c804e117463a40b417a54334e04cc
-
SHA512
8a81d9a5d461e065be9c079ff0df63c87bd2d8d4c2d9d38c14de2968ec9fbe6187697601ee7fed55669e2c2d840a7656fcd68fd1bfcbc1eb33a3581597ac014e
-
SSDEEP
1536:nM7ZZ5X8Aq/pXM+C+tapLO4il11LRt9N7A:Mt/X8Aq/pXM+C+twLOjft9N7A
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-