General

Target: ÖnderGrup-2023,jpg.exe
Size: 647KB
Sample: 230401-l52hsshc77
MD5: b042d473798b5f1075e53e178ad7e0da
SHA1: 422377a595c6559d0e0878bc0edc04c0d19a87e7
SHA256: 706dcbef87d17593d63504485cca84f2ba9ceea75873d08eea041c7b5c1291ae
SHA512: fc1914704bd0748f1ec306b54e5e837afadc7b415ce2038191f34c452ea29ac2bbc5acbe5fa5f47117d59385f6ca9ee76a1c9ab054fca7b867e6aa6a67a2851e
SSDEEP: 12288:3Yx/BJIdm3xOZHUrb4j9uTEAmHedQUrAto1:3Yx8d7erJuedsto1

Static task: static1

Behavioral task: behavioral1
Sample: ÖnderGrup-2023,jpg.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: ÖnderGrup-2023,jpg.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Protocol: ftp
Host: ftp.greenvalleycharity.org
Port: 21
Username: master@greenvalleycharity.org
Password: mike63976460
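The extracted FTP account is the most actionable artefact on this page: it is the exfiltration channel, and FTP control traffic on port 21 is plaintext, so the username is visible on the wire. The Python below is an added example, not part of the sandbox report and not Agent Tesla's own code. It parses the configuration text exactly as the report flattens it (the flattened text is embedded in the block) into a typed object, runs it against constructed key=value network log lines (the IP addresses are documentation ranges, not real resolutions of the host), and emits a Suricata rule whose sid is a placeholder the deploying team replaces with one from its own range.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The "Malware Config / Extracted" block as the sandbox report lays it out
# (labels and values split across lines, separated by " - ").
SANDBOX_CONFIG_TEXT = """Protocol: ftp- Host:
ftp.greenvalleycharity.org - Port:
21 - Username:
master@greenvalleycharity.org - Password:
mike63976460"""


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Parse the flattened 'Label: value - Label: value' layout into a typed config."""
    flat = " ".join(line.strip() for line in text.splitlines())
    # A value runs from its label up to the next ' - Label:' separator or the end.
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)", flat)
    fields: Dict[str, str] = {k.lower(): v.strip() for k, v in pairs}
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed network log lines (key=value style). The IPs are documentation
# ranges, not the real resolution of the exfil host.
SAMPLE_LOGS = [
    "2023-04-01T11:52:03Z event=dns src=10.0.0.15 query=ftp.greenvalleycharity.org answer=198.51.100.23",
    "2023-04-01T11:52:04Z event=conn src=10.0.0.15 dst=198.51.100.23 dport=21 proto=tcp",
    "2023-04-01T11:52:05Z event=ftp src=10.0.0.15 dst=198.51.100.23 dport=21 cmd=USER arg=master@greenvalleycharity.org",
    "2023-04-01T11:52:05Z event=ftp src=10.0.0.15 dst=198.51.100.23 dport=21 cmd=PASS arg=<redacted>",
    "2023-04-01T11:53:10Z event=conn src=10.0.0.22 dst=192.0.2.77 dport=443 proto=tcp",
    "2023-04-01T11:54:00Z event=dns src=10.0.0.22 query=updates.example.com answer=192.0.2.80",
]


def _kv(line: str) -> Dict[str, str]:
    """Split a 'key=value key=value' log line into a dict (the timestamp has no '=')."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def find_exfil_events(lines: List[str], cfg: ExfilConfig) -> List[Tuple[int, str]]:
    """Return (line index, reason) for each log line tied to the extracted exfil server.

    Pass 1 collects the IPs the configured host resolved to, so pass 2 can flag
    connections to those IPs on the configured port even where no hostname appears.
    """
    host = cfg.host.lower()
    resolved = {
        f["answer"]
        for f in map(_kv, lines)
        if f.get("event") == "dns" and f.get("query", "").lower() == host and "answer" in f
    }

    hits: List[Tuple[int, str]] = []
    for idx, line in enumerate(lines):
        f = _kv(line)
        ev = f.get("event")
        if ev == "dns" and f.get("query", "").lower() == host:
            hits.append((idx, f"DNS lookup of exfil host {cfg.host}"))
        elif ev == "conn" and f.get("dst") in resolved and f.get("dport") == str(cfg.port):
            hits.append((idx, f"connection to resolved exfil IP {f['dst']}:{cfg.port}"))
        elif ev == "ftp" and f.get("cmd") == "USER" and f.get("arg") == cfg.username:
            # FTP control traffic on port 21 is plaintext, so the USER command is
            # visible on the wire and the username from the config is an exact match.
            hits.append((idx, f"FTP login as exfil account {cfg.username}"))
    return hits


def suricata_rule(cfg: ExfilConfig, sid: int) -> str:
    """Suricata rule for the plaintext FTP USER command. The sid is a placeholder
    that the deploying team assigns from its own local range."""
    return (
        f'alert ftp any any -> any {cfg.port} (msg:"AgentTesla FTP exfil login to {cfg.host}"; '
        f'flow:to_server,established; content:"USER {cfg.username}"; nocase; '
        f"sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    cfg = parse_config(SANDBOX_CONFIG_TEXT)
    for idx, reason in find_exfil_events(SAMPLE_LOGS, cfg):
        print(f"line {idx}: {reason}")
    print(suricata_rule(cfg, 9000001))
```

The DNS-to-IP pivot matters because FTP data connections and any later reuse of the server may carry no hostname at all; the username match is the highest-confidence signal because the operator's account is unique to this campaign, whereas the charity's host could also be contacted legitimately if it is a compromised third party.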
Targets

Target: ÖnderGrup-2023,jpg.exe
Size: 647KB
MD5: b042d473798b5f1075e53e178ad7e0da
SHA1: 422377a595c6559d0e0878bc0edc04c0d19a87e7
SHA256: 706dcbef87d17593d63504485cca84f2ba9ceea75873d08eea041c7b5c1291ae
SHA512: fc1914704bd0748f1ec306b54e5e837afadc7b415ce2038191f34c452ea29ac2bbc5acbe5fa5f47117d59385f6ca9ee76a1c9ab054fca7b867e6aa6a67a2851e
SSDEEP: 12288:3Yx/BJIdm3xOZHUrb4j9uTEAmHedQUrAto1:3Yx8d7erJuedsto1

The file name imitates an image: ",jpg" stands in for a ".jpg" extension, and with the Windows default of hiding known extensions the file is displayed as "ÖnderGrup-2023,jpg".
AgentTesla
Agent Tesla is an information-stealing remote access tool (RAT) for the .NET Framework, typically built in Visual Basic .NET. It harvests saved browser and mail-client credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP, which is why the configuration extracted from this sample is an FTP account.
- Executes dropped EXE: a file the sample wrote to disk is then launched.
- Loads dropped DLL: a library the sample wrote to disk is loaded into a process.
- Accesses Microsoft Outlook profiles: reads the registry locations where Outlook stores account settings, consistent with mail-credential theft.
- Adds Run key to start application: persistence through a value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run (or the HKLM equivalent).
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: redirects a thread's execution context, a step commonly seen in process hollowing and other injection into a suspended process.
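The behavioural signatures above map onto host telemetry a defender can correlate. As an added example (not code from the report and not Agent Tesla's own), the Python below checks three of them over constructed Sysmon-style events: an EXE written to disk and then executed (event 11 followed by event 1), Run-key persistence (event 13) and a DNS query to an external-IP lookup service (event 22). The lookup-service list, the dropped file path and the user SID in the registry path are assumptions; the report does not name them.

```python
import re
from typing import Dict, List, Tuple

# Assumed list of public IP-lookup services. The report only says "a legitimate
# IP lookup service", so tune this set to what your own telemetry shows.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com", "ip-api.com",
}

# Constructed Sysmon-style events (field names follow Sysmon's schema for each
# EventID). The dropped file path and the SID are hypothetical, not from the run.
DROPPED = r"C:\Users\u\AppData\Roaming\update.exe"
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 1, "ProcessId": 3120, "Image": r"C:\Users\u\Downloads\ÖnderGrup-2023,jpg.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 3120, "TargetFilename": DROPPED},
    {"EventID": 1, "ProcessId": 3188, "Image": DROPPED,
     "ParentImage": r"C:\Users\u\Downloads\ÖnderGrup-2023,jpg.exe"},
    {"EventID": 13, "ProcessId": 3188,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": DROPPED},
    {"EventID": 22, "ProcessId": 3188, "Image": DROPPED, "QueryName": "api.ipify.org"},
    {"EventID": 22, "ProcessId": 4410, "Image": r"C:\Program Files\Browser\browser.exe",
     "QueryName": "www.example.com"},
]

# Matches both the Run and RunOnce keys, case-insensitively.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.IGNORECASE)


def dropped_exe_executions(events: List[Dict]) -> List[str]:
    """Executes dropped EXE: a process image that was written to disk earlier in
    the same event stream. Stream order matters: the write must precede the launch."""
    created = set()
    hits: List[str] = []
    for e in events:
        if e["EventID"] == 11 and e["TargetFilename"].lower().endswith(".exe"):
            created.add(e["TargetFilename"].lower())
        elif e["EventID"] == 1 and e["Image"].lower() in created:
            hits.append(e["Image"])
    return hits


def run_key_persistence(events: List[Dict]) -> List[Tuple[str, str]]:
    """Adds Run key to start application: a registry value set under Run or RunOnce."""
    return [(e["TargetObject"], e["Details"])
            for e in events
            if e["EventID"] == 13 and RUN_KEY_RE.search(e["TargetObject"])]


def external_ip_lookups(events: List[Dict]) -> List[Tuple[str, str]]:
    """Looks up external IP address via web service: DNS query for a known lookup service."""
    return [(e["Image"], e["QueryName"])
            for e in events
            if e["EventID"] == 22 and e["QueryName"].lower() in IP_LOOKUP_DOMAINS]


def matched_signatures(events: List[Dict]) -> List[str]:
    """Names, as the report labels them, of the behaviours present in the stream."""
    checks = {
        "Executes dropped EXE": dropped_exe_executions,
        "Adds Run key to start application": run_key_persistence,
        "Looks up external IP address via web service": external_ip_lookups,
    }
    return [name for name, fn in checks.items() if fn(events)]


if __name__ == "__main__":
    for name in matched_signatures(SAMPLE_EVENTS):
        print("matched:", name)
    for image, domain in external_ip_lookups(SAMPLE_EVENTS):
        print(f"{image} queried {domain}")
```

Two of the report's signatures are deliberately absent here. Sysmon logs registry value writes (event 13) but not reads, so the Outlook-profile access does not surface in these event IDs, and there is no Sysmon event for SetThreadContext (event 8 covers CreateRemoteThread only); both need API-level telemetry from an EDR or from the sandbox itself.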