100289cf98e4...b1.pdf
windows7-x64
10289cf98e4...b1.pdf
windows10-2004-x64
1102c2cedea...73.exe
windows7-x64
10102c2cedea...73.exe
windows10-2004-x64
10114322a61e...72.exe
windows7-x64
10114322a61e...72.exe
windows10-2004-x64
101447056a87...66.exe
windows7-x64
101447056a87...66.exe
windows10-2004-x64
102ad5dc1eb8...c9.exe
windows7-x64
12ad5dc1eb8...c9.exe
windows10-2004-x64
102ce5c35b6e...05.exe
windows7-x64
102ce5c35b6e...05.exe
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
32f93268254...86.exe
windows7-x64
12f93268254...86.exe
windows10-2004-x64
131ec85607b...6d.exe
windows7-x64
331ec85607b...6d.exe
windows10-2004-x64
3388b63b6ab...d1.exe
windows7-x64
10388b63b6ab...d1.exe
windows10-2004-x64
1038ff89e2b1...69.exe
windows7-x64
1038ff89e2b1...69.exe
windows10-2004-x64
10478dc8e0fc...c3.exe
windows7-x64
10478dc8e0fc...c3.exe
windows10-2004-x64
104d32e2790a...12.exe
windows7-x64
104d32e2790a...12.exe
windows10-2004-x64
105b28ac684d...72.exe
windows7-x64
105b28ac684d...72.exe
windows10-2004-x64
105c41653b87...89.exe
windows7-x64
105c41653b87...89.exe
windows10-2004-x64
1064f31a8fe6...487.js
windows7-x64
164f31a8fe6...487.js
windows10-2004-x64
1General
-
Target
8cb5769c3a25134797f34143d7be5857f5c9a4793f8455422458ed2ce5e67ced
-
Size
83.2MB
-
Sample
240211-bnhz1sah5v
-
MD5
2bb42050234ec94a1dffa932f852966c
-
SHA1
f6a6cd9d364ccaf4985b75f1729d482586d71450
-
SHA256
8cb5769c3a25134797f34143d7be5857f5c9a4793f8455422458ed2ce5e67ced
-
SHA512
165ea313e14eeedf50cb2333742da8cb1df7e0dcd4a645da27b904ce2bf90477057e46978933f070f1eff2c1ab8b5a3c0b6d6a89bf8bc4245929f6a344b0f1db
-
SSDEEP
1572864:d3gwd5LMr6+gq895N5/EwNBXDFmX0l5ZC6xv66MXq89g+aZTeTRGMHee/fi5bt4s:dQwTQ6X51PFmX0/XyrXqfXZaeCfMbmG
Behavioral task
behavioral1
Sample
0289cf98e4e9f9b86173926ee7b896458ca992c2d2976537fee4e30be2210ab1.pdf
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0289cf98e4e9f9b86173926ee7b896458ca992c2d2976537fee4e30be2210ab1.pdf
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
102c2cedea798b38f357101d8574519820f7a3278e9043fc254f73de06568273.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
102c2cedea798b38f357101d8574519820f7a3278e9043fc254f73de06568273.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
114322a61e042f61dcd09306c0d19f875e41638452c3bf9a24a6c8251ef5ab72.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
114322a61e042f61dcd09306c0d19f875e41638452c3bf9a24a6c8251ef5ab72.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
1447056a874d4d290ccaabacbc07fcae7b2ae38f095fdf44ae84de8b72f9e866.exe
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
1447056a874d4d290ccaabacbc07fcae7b2ae38f095fdf44ae84de8b72f9e866.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
2ad5dc1eb890561c6eaba03369822cab1177e08df5e2afdfb28273ce42b39dc9.exe
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
2ad5dc1eb890561c6eaba03369822cab1177e08df5e2afdfb28273ce42b39dc9.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
2ce5c35b6e4effb5c1165d6f60e8d7c73eade7476e94de7690168c65b3b41005.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
2ce5c35b6e4effb5c1165d6f60e8d7c73eade7476e94de7690168c65b3b41005.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
2f93268254854fcf8b754edd270c08b574f3b078c601aece0efc50c95596b086.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
2f93268254854fcf8b754edd270c08b574f3b078c601aece0efc50c95596b086.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
31ec85607b59877f42e791a2ac23d8c8c95edc8bad7fc0939a90a3807f445c6d.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
31ec85607b59877f42e791a2ac23d8c8c95edc8bad7fc0939a90a3807f445c6d.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
388b63b6abc1c60160dea6dc559c9c24cf1299fa8df80cebccfcaa9c783526d1.exe
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
388b63b6abc1c60160dea6dc559c9c24cf1299fa8df80cebccfcaa9c783526d1.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral21
Sample
38ff89e2b1d143d1710917e87c0a53c4886ff2295aefad2646c3791882ef8669.exe
Resource
win7-20231129-en
Behavioral task
behavioral22
Sample
38ff89e2b1d143d1710917e87c0a53c4886ff2295aefad2646c3791882ef8669.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral23
Sample
478dc8e0fc8b3ff56407c4876674f65c57b6543e9f65680dae0f4a7c8b0decc3.exe
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
478dc8e0fc8b3ff56407c4876674f65c57b6543e9f65680dae0f4a7c8b0decc3.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
4d32e2790a7a84c1cf62be213293d84087c4fa7cb53431da4a25d805f1827d12.exe
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
4d32e2790a7a84c1cf62be213293d84087c4fa7cb53431da4a25d805f1827d12.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
5b28ac684dfcbfc7784f1803d3d3be22d0615ca1e38c3c754266338385a10b72.exe
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
5b28ac684dfcbfc7784f1803d3d3be22d0615ca1e38c3c754266338385a10b72.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
5c41653b87a3ccb6ff8337d28ab04aac9fa62838031aa84432bfe247a3611689.exe
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
5c41653b87a3ccb6ff8337d28ab04aac9fa62838031aa84432bfe247a3611689.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
64f31a8fe63a882463921bb57f075f5ada1915e094af3a282fa8bca169d16487.js
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
64f31a8fe63a882463921bb57f075f5ada1915e094af3a282fa8bca169d16487.js
Resource
win10v2004-20231215-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6524461406:AAH3TboEjg5cRFE0HbCMLee4xLBl6zEAtIk/
Extracted
darkcloud
- email_from
- email_to
Extracted
Protocol: smtp- Host:
mail.gasplants.quest - Port:
587 - Username:
[email protected] - Password:
Ifeanyi1987@
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.corpsa.net - Port:
21 - Username:
[email protected] - Password:
-E~O8rekW5UT
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
$F%bWyL5
Targets
-
-
Target
0289cf98e4e9f9b86173926ee7b896458ca992c2d2976537fee4e30be2210ab1.pdf
-
Size
75KB
-
MD5
005e0f63b3ff4ac6b9a81a4aa9570220
-
SHA1
a2336579177a9899b1b7ad3f527d9a80232e7547
-
SHA256
0289cf98e4e9f9b86173926ee7b896458ca992c2d2976537fee4e30be2210ab1
-
SHA512
f18d2489d2315681afb67cad2d1e803e70089d326cf4d3e479fb936a95394c8b6c3e568bf261fe7759d2ec6afab869221e507229c8654b3642080196863b03f3
-
SSDEEP
1536:SrzIm0LzXFxtkz46ITB8CKIXe12XfdvrteXAj8uYX7MPfiK:GITFrtrGyX02XfDeQj8DxK
Score 1/10
-
-
Target
102c2cedea798b38f357101d8574519820f7a3278e9043fc254f73de06568273.exe
-
Size
240KB
-
MD5
d0573ee8b060cbfd73500a2d137da3e9
-
SHA1
446f46a21738a5a9a6b8b6753161f808c2acb8cd
-
SHA256
102c2cedea798b38f357101d8574519820f7a3278e9043fc254f73de06568273
-
SHA512
6eb5ad45c542a4a718cec1f60ccda8d98350a1e05e46dbfeee436b36c0464fade99828cd4d1e61b1438aa0c05f9369bc514dc0a18260b2577b25ded4f5f3e821
-
SSDEEP
3072:oDLNPhZ1xFpRXlTpHBKHdPaTfVUDlPV8PafjpzgDBlXqfiq25P7fB9Du9RV:2LNJZ1xFpnTpHytfj9gDBpqfiqofBh
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
114322a61e042f61dcd09306c0d19f875e41638452c3bf9a24a6c8251ef5ab72.exe
-
Size
628KB
-
MD5
ae6461999a7ec5264529540062345348
-
SHA1
1da5496562cffaaf5c76ffd2789f18ac659eeb5f
-
SHA256
114322a61e042f61dcd09306c0d19f875e41638452c3bf9a24a6c8251ef5ab72
-
SHA512
cf5b2aab9c0dfd4e56143669029d799b286f7e381b6dd3459316b7ff3fea34ff70d2ce1e8bea8a3b3d11d0095ddcface8d6051b5be244685af6d0e3518c135a3
-
SSDEEP
12288:3RCBU3YxdKZaGKQcpQVqj0Y7aD8VdD2auML+dv/CKtLPVHt+MQwmD3UYSKDJvQPU:MBJScpQlZDcIaBoCKtLtwMGDjSKDOA
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
1447056a874d4d290ccaabacbc07fcae7b2ae38f095fdf44ae84de8b72f9e866.exe
-
Size
386KB
-
MD5
e31ca7eba5cac4cb1e8282614a0ef731
-
SHA1
8b84f68d86ca6ee93b2d5610e45e3e04b77a8016
-
SHA256
1447056a874d4d290ccaabacbc07fcae7b2ae38f095fdf44ae84de8b72f9e866
-
SHA512
337ef03c8adf8f9b8846c1cb335ee2beabe938c1be1b1e648c58023abafbc27dbb00d49fa574bab1e0756ba2b06ea5199a96dbe310c4bd8b0e4c30c672313c8b
-
SSDEEP
12288:WpLNxYqeb7Oppc92N/i4eAjyEVPvIjYKkJj6GmZU:gxSbIDeAjJVPv+Yb6nZ
-
-
-
Target
2ad5dc1eb890561c6eaba03369822cab1177e08df5e2afdfb28273ce42b39dc9.exe
-
Size
1.3MB
-
MD5
b7697fe7636e6dcbdae8f9cab7d058be
-
SHA1
92160284b9c104b5991c134a6a65162227d81967
-
SHA256
2ad5dc1eb890561c6eaba03369822cab1177e08df5e2afdfb28273ce42b39dc9
-
SHA512
f6f801c248964785edc431422d73b7937838c0aff564238404a642746d6fb0d6c4a028af9091f8b3ab5fe5a461c3a28606faa0e835515f9fbaa4d3c5811ceea9
-
SSDEEP
24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8aaZmF4O/l+XJPyUeB8hX:rTvC/MTQYxsWR7aaZmFpmyH8
Score 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Drops startup file
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
-
-
Target
2ce5c35b6e4effb5c1165d6f60e8d7c73eade7476e94de7690168c65b3b41005.exe
-
Size
521KB
-
MD5
ee2cb273bb396ae44970dc10457fd305
-
SHA1
e372562b079d1d86c6478a7c2949f2a06354198f
-
SHA256
2ce5c35b6e4effb5c1165d6f60e8d7c73eade7476e94de7690168c65b3b41005
-
SHA512
3d1a3f22ffa585dc77d965b82c12565588935390662535dc8e27f12b5c4d03846608a17e8eea1156c05da5e99038c81f25b4466269e6765feb0e8e25d289ce5f
-
SSDEEP
6144:1R+xXVwCNLDftawFa72Cra2ohD47gGSCdZQDXM47kZkByFxcQsnO+dgXhiQlttfI:z2xtawcL2l47gNTMJDfIJukit+JQlvD4
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score 3/10
-
-
Target
2f93268254854fcf8b754edd270c08b574f3b078c601aece0efc50c95596b086.exe
-
Size
1.0MB
-
MD5
f09350bf6bd3c1a57c1d4349e0b80924
-
SHA1
d0b8606bfc93a110b740f513f23d37ae2d35e302
-
SHA256
2f93268254854fcf8b754edd270c08b574f3b078c601aece0efc50c95596b086
-
SHA512
1a2d76923720e920f2d825805bcbf5f1852db8b2ae804290ade6161fd98ab7e80e79b54e48427003715a67c30a8b795ffcd0272bc76c5248e03aac07e234e787
-
SSDEEP
24576:AStF5TWrTZrtYbfcR2YfUpxrKl0XinWMCyFCQ:AStFd8bYbfs2XpklwinFwQ
Score 1/10
-
-
Target
31ec85607b59877f42e791a2ac23d8c8c95edc8bad7fc0939a90a3807f445c6d.exe
-
Size
110KB
-
MD5
e18a8e37b5d2cfaec89222fd74c88081
-
SHA1
19a794cb433dc4445e33becc7c2ce7d211baefa6
-
SHA256
31ec85607b59877f42e791a2ac23d8c8c95edc8bad7fc0939a90a3807f445c6d
-
SHA512
287358b925ff7a6e214ea29612461c94fbc12eb145a8ed3cfc8a7400151a6fe7ebc399d6ae0ad22d31dd8b9e2082668957a30baca807502cf1a78beb33b5c2c8
-
SSDEEP
1536:Kx+EiewYluxHtThsiP34bbCaFJqIc5fpD7/xL:KrvyRhsiffaKIc5hDF
Score 3/10
-
-
Target
388b63b6abc1c60160dea6dc559c9c24cf1299fa8df80cebccfcaa9c783526d1.exe
-
Size
386KB
-
MD5
7235fe2df2cc34e2f14fc0521d4db92d
-
SHA1
cd709297bce4ca7fad036962a869a0c7b83760d3
-
SHA256
388b63b6abc1c60160dea6dc559c9c24cf1299fa8df80cebccfcaa9c783526d1
-
SHA512
eca6985211aac0e214730ab4aa6091b2b784a78d6a6e11ed90d13b595ea791978b5168f524bdcda3f6e3949bebcd5aebdef12146fe744a4fcaf38f72acd01f37
-
SSDEEP
12288:tpLNxYqeb7Oppc92N/i4eAjyEVPvIjYKkJj6GmZU:FxSbIDeAjJVPv+Yb6nZ
-
-
-
Target
38ff89e2b1d143d1710917e87c0a53c4886ff2295aefad2646c3791882ef8669.exe
-
Size
386KB
-
MD5
269707a5b480393ad59d457c27fd7852
-
SHA1
2012ea46d841d46a84966e3a46d5835ed7693061
-
SHA256
38ff89e2b1d143d1710917e87c0a53c4886ff2295aefad2646c3791882ef8669
-
SHA512
1a9d4d2648fd0a2998a6cf956b4e8332c07e49b0a9d0d3827db4879481daa35e21dc2ed9534cc7139fc34773b83f2a119e24fbb0a7d23a8b7b9498e1bbd802f4
-
SSDEEP
12288:dpLNxYqeb7Oppc92N/i4eAjyEVPvIjYKkJj6GmZU:1xSbIDeAjJVPv+Yb6nZ
-
-
-
Target
478dc8e0fc8b3ff56407c4876674f65c57b6543e9f65680dae0f4a7c8b0decc3.exe
-
Size
1.3MB
-
MD5
11633d9b966df85843244a943545179a
-
SHA1
6c123b965dde6617e487176f705b98762270b90f
-
SHA256
478dc8e0fc8b3ff56407c4876674f65c57b6543e9f65680dae0f4a7c8b0decc3
-
SHA512
e022765cfccfc3f72e4c16ed2b2467c5e70b7428e4ee9fd5793e59ed1fe952fd99faa90a96a9fbc6696bfaceda66ad089fe316bea446014ef306526b752e9b7c
-
SSDEEP
24576:fqDEvCTbMWu7rQYlBQcBiT6rprG8aqcS245B8ELS:fTvC/MTQYxsWR7aqc3EL
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
-
-
Target
4d32e2790a7a84c1cf62be213293d84087c4fa7cb53431da4a25d805f1827d12.exe
-
Size
1.2MB
-
MD5
40b3e1808283e5fcfe7560f5fd65e1cb
-
SHA1
4928cbb42f3acade4a50cbb5b8696a18b685fcb4
-
SHA256
4d32e2790a7a84c1cf62be213293d84087c4fa7cb53431da4a25d805f1827d12
-
SHA512
d953a94db540879c958167d56231f51d1098a8edfbfb8655432a6e72bcf5ca245d8ebce19b99af42a0a87f0570010d253d027e9eb3fbd4cbb23837416c6f9d9d
-
SSDEEP
24576:xAHnh+eWsN3skA4RV1Hom2KXMmHa5aQithqM3V1MtXW3QMl5:Ih+ZkldoPK8Ya59UhpVMm3Qe
Score 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
5b28ac684dfcbfc7784f1803d3d3be22d0615ca1e38c3c754266338385a10b72.exe
-
Size
430KB
-
MD5
7170aecee8991a5999d72a84ce581283
-
SHA1
a82eee6ef09077dea6f9790067e2d50f2b37d6e2
-
SHA256
5b28ac684dfcbfc7784f1803d3d3be22d0615ca1e38c3c754266338385a10b72
-
SHA512
483cfcd41721fcfcedde5e0c5fa7d0737033ecd2c47604fc4de42c5454ff2bc8d536a246b8c32343ba3b2c4b7b683b9af754f5b63b07bdc5ea2667eb32cab580
-
SSDEEP
12288:FVpOWY3to4Y2dXyImEe3CviyF2r2dUjYKkJj6GmZU:fpe3mz3Wi22rhYb6nZ
-
-
-
Target
5c41653b87a3ccb6ff8337d28ab04aac9fa62838031aa84432bfe247a3611689.exe
-
Size
386KB
-
MD5
9ac07e9f935b70a31f633719fb84934b
-
SHA1
1268ab1844410f40d79762c8f241d39f3d1ca8c4
-
SHA256
5c41653b87a3ccb6ff8337d28ab04aac9fa62838031aa84432bfe247a3611689
-
SHA512
b06e29cdb636013a7e8fa641e06134159fcedefe8f20aec0998ba430d42930755a7fdaddbddbeef1c4d5803f851377c3fcacceee4177edd331f0bd072d57922a
-
SSDEEP
12288:ZpLNxYqeb7Oppc92N/i4eAjyEVPvIjYKkJj6GmZU:5xSbIDeAjJVPv+Yb6nZ
-
-
-
Target
64f31a8fe63a882463921bb57f075f5ada1915e094af3a282fa8bca169d16487.unknown
-
Size
6.2MB
-
MD5
5e7f62f1d3e086b04c0f640f97140029
-
SHA1
6e630ca526851b32a422b55b801f63632794abd6
-
SHA256
64f31a8fe63a882463921bb57f075f5ada1915e094af3a282fa8bca169d16487
-
SHA512
3a9401b923e38d29ccc5b82de3a7e6b05a84a88c964601a9499e06a3394ed5f8358cad485b40b7fb28ce90da32cb7fef658d0601bc5778a26381b5e4e7015eba
-
SSDEEP
49152:SLmRUIxzmUIxzmUIxzmUIxz60w0uV8Vyw0uV8Vkw0uV8VDw0uV8VOdqwyW3BHq6D:/
Score 1/10