General
Target: 7e324097717d9a6469df3299fe36a286
Size: 1.7MB
Sample: 240128-2mwslabha6
MD5: 7e324097717d9a6469df3299fe36a286
SHA1: 96da6a90b06a1727b5717f38327237dd83cc5c24
SHA256: 408c69a20306a7dfc4f0ba118071adcf2d6eb1aa5fec5ba81ccc94651d09a71f
SHA512: e01d24bbfc61b7651635ce7d8421e3d1dbfeb43c2eb735a63fb4902dccee84f982d07c5d4135bb248dbc6dc00bb657f22ac819535af5804656389aeff5589233
SSDEEP: 49152:b+61p+twbaarsEEfjn8VtLh5eMipbguoK:D1p+tw2arsEkj8Dt0tbg1
Static task: static1
Behavioral task: behavioral1
Sample: 7e324097717d9a6469df3299fe36a286.exe
Resource: win7-20231215-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.serhatmakina.com.tr
Port: 587
Username: [email protected]
Password: %TnDh@crMZ5Y
Email To: [email protected]
Extracted: asyncrat
Version: 0.5.7B
Botnet: Default
C2: exportmunic007.duckdns.org:6606
C2: exportmunic007.duckdns.org:7707
C2: exportmunic007.duckdns.org:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: 7e324097717d9a6469df3299fe36a286
Size: 1.7MB
MD5: 7e324097717d9a6469df3299fe36a286
SHA1: 96da6a90b06a1727b5717f38327237dd83cc5c24
SHA256: 408c69a20306a7dfc4f0ba118071adcf2d6eb1aa5fec5ba81ccc94651d09a71f
SHA512: e01d24bbfc61b7651635ce7d8421e3d1dbfeb43c2eb735a63fb4902dccee84f982d07c5d4135bb248dbc6dc00bb657f22ac819535af5804656389aeff5589233
SSDEEP: 49152:b+61p+twbaarsEEfjn8VtLh5eMipbguoK:D1p+tw2arsEkj8Dt0tbg1
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Async RAT payload
CustAttr .NET packer: Detects the CustAttr .NET packer in memory.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Suspicious use of SetThreadContext