General
-
Target
a00366a3483d1d632223d68c8e6e3f15.bin
-
Size
991KB
-
Sample
230928-ch6dssfd6s
-
MD5
b8b908fec4228a1de42ca00d67558c20
-
SHA1
b78fb12f6d43734b0f891742b0e4edfca6fc2139
-
SHA256
6be6165efc48f7f9f60a5b90b8c5729e33623773e55354ae8e3e4611e03b64d9
-
SHA512
64cf3a7616d7dd7d56f3bd4d3bfd3a273ae2958bf5885e766d1eb0078989c533b68c786715d3c8d08c0beb5c2153c321d1b2b4e3b556360278583acad3e02ca1
-
SSDEEP
24576:QdGTr09kiC6GceKXGHuD3Mw3UsBaG7WgeNE/Y0hgJezDqxvK:QdGHR6TeYGOfEsMZgeNERBAvK
Static task
static1
Behavioral task
behavioral1
Sample
14bf7140553ce01a73ddd0bad30d173a14aa1614ee208b01f7a165969aefdc00.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
14bf7140553ce01a73ddd0bad30d173a14aa1614ee208b01f7a165969aefdc00.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.product-secured.com - Port:
21 - Username:
[email protected] - Password:
2V8SHFwjad34@@##
Targets
-
-
Target
14bf7140553ce01a73ddd0bad30d173a14aa1614ee208b01f7a165969aefdc00.exe
-
Size
1.1MB
-
MD5
a00366a3483d1d632223d68c8e6e3f15
-
SHA1
9d3e8a5526c15408d28ad1af21937020accc5ff2
-
SHA256
14bf7140553ce01a73ddd0bad30d173a14aa1614ee208b01f7a165969aefdc00
-
SHA512
8a2579d06efaa4f49e73b50993ddd15728639c3ec73a743939cfcb1e2b46c899386719a0c83aca55891b54d7e639e9099254bc35a4ba1f21f6346934c93a5a24
-
SSDEEP
24576:6oJkNU2vAuIan9AuMyLSisyKuMYc8u5XMxoZgnb3iPwwxA5MY:6ouFAuB9AuMyLSglMYdCMxoiboU
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-