General
Target: ÖnderGrup-2023,jpg.rar
Size: 451KB
Sample: 230401-nfezlshf72
MD5: df5080d8ccab7aceb26ffae967f4400e
SHA1: 8e34f64185ee02cbd6e6790095525295640dbebf
SHA256: 360562c76bfad1a85f8834a5bfd80dc1d816d7b2a0d40a335251e80150d006ab
SHA512: 8604fdd2ef3b160ace01a00c6a2b163717010139011e5331530f3514bba8df6da0656e92cb963cbea7a272233ef4b6f353a408a93da59dae43cd4774bb8c468d
SSDEEP: 12288:2MpWz6ckutDoFHrGFo8QWMfbBv838AzJ92StE:2hDkSDo1rioFVvM8Az/e
Static task: static1
Behavioral task: behavioral1
Sample: ÖnderGrup-2023,jpg.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: ÖnderGrup-2023,jpg.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Protocol: ftp
Host: ftp.greenvalleycharity.org
Port: 21
Username: [email protected]
Password: mike63976460
Targets
Target: ÖnderGrup-2023,jpg.exe
Size: 647KB
MD5: b042d473798b5f1075e53e178ad7e0da
SHA1: 422377a595c6559d0e0878bc0edc04c0d19a87e7
SHA256: 706dcbef87d17593d63504485cca84f2ba9ceea75873d08eea041c7b5c1291ae
SHA512: fc1914704bd0748f1ec306b54e5e837afadc7b415ce2038191f34c452ea29ac2bbc5acbe5fa5f47117d59385f6ca9ee76a1c9ab054fca7b867e6aa6a67a2851e
SSDEEP: 12288:3Yx/BJIdm3xOZHUrb4j9uTEAmHedQUrAto1:3Yx8d7erJuedsto1
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext