General

  • Target

    7e324097717d9a6469df3299fe36a286

  • Size

    1.7MB

  • Sample

    240128-2mwslabha6

  • MD5

    7e324097717d9a6469df3299fe36a286

  • SHA1

    96da6a90b06a1727b5717f38327237dd83cc5c24

  • SHA256

    408c69a20306a7dfc4f0ba118071adcf2d6eb1aa5fec5ba81ccc94651d09a71f

  • SHA512

    e01d24bbfc61b7651635ce7d8421e3d1dbfeb43c2eb735a63fb4902dccee84f982d07c5d4135bb248dbc6dc00bb657f22ac819535af5804656389aeff5589233

  • SSDEEP

    49152:b+61p+twbaarsEEfjn8VtLh5eMipbguoK:D1p+tw2arsEkj8Dt0tbg1

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

exportmunic007.duckdns.org:6606

exportmunic007.duckdns.org:7707

exportmunic007.duckdns.org:8808

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • AgentTesla payload

    • Async RAT payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks