General

Target: 7a0ad10ad439ac3538cb6704eb5b5db6dada5eae0ed1b590d907071ec6f3889c
Size: 1.2MB
Sample: 240326-bzfzssbd34
MD5: 9bea006d5010697d19ede13c03b7d07a
SHA1: 91512c5b3b1ba03489d4825d539eabcd7546e452
SHA256: 7a0ad10ad439ac3538cb6704eb5b5db6dada5eae0ed1b590d907071ec6f3889c
SHA512: 7be4983c68f6ae4fdfff0990461e80dd1fbda4c4d93bb7bb8c12556a6419d7d68e2d20a135cf95e85cf1044ee0766e147be598aecf3a7f00534e7ea3d331cdc8
SSDEEP: 12288:WLTA8PHO5mU0It6itmD+HcwbdbJlXR3JlVf87I3:CTA8PO5mU16iQKHhdbbHf8

Static task: static1
Behavioral task: behavioral1, sample Scan067-2024-03-25.exe, resource win7-20240221-en
Behavioral task: behavioral2, sample Scan067-2024-03-25.exe, resource win10v2004-20240226-en
Behavioral task: behavioral3, sample Archd/Spyhole.ps1, resource win7-20240221-en
Behavioral task: behavioral4, sample Archd/Spyhole.ps1, resource win10v2004-20240226-en

Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6387496510:AAGzkvOV3EOvSZjPNfclsVSKq_tcdKpU-7o/
Targets

Target: Scan067-2024-03-25.exe
Size: 665KB
MD5: f0a288f78c5312449a55154083eade5f
SHA1: 240a70ce2e75f78f5618603e72894e008141a79a
SHA256: 0a184e4ad5c58aa41348509fdab0d3d30ab16a45cca699bde8b88f9dde9915d3
SHA512: 108034373f7cb3c6755d9f316e3ae54a1cebf4eb486544a2ce3568188aeb701a5252302f798e6033b27df0f846a91d7967398e95af2d96f9ee08a296098b34fd
SSDEEP: 12288:FLTA8PHO5mU0It6itmD+HcwbdbJlXR3JlVf87I37:9TA8PO5mU16iQKHhdbbHf8Y
- AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET, that harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or, as in the extracted config above, the Telegram Bot API.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, which Agent Tesla includes in the data it exfiltrates.
- Suspicious use of NtCreateThreadExHideFromDebugger: creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag, so the new thread generates no debug events; an anti-analysis step.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger class, detaching the calling thread from any attached debugger; also anti-analysis.
- Suspicious use of SetThreadContext: rewrites another thread's register context, which is how process hollowing and similar injection techniques redirect execution into injected code.
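
The two network behaviours reported for this target, the external IP lookup and the Telegram Bot API exfiltration endpoint from the extracted config, can be hunted for in proxy logs. The following Python is an added example and is not part of the sandbox report or the Triage tooling; it assumes a simple space-separated proxy log format (constructed sample lines below), an assumed list of IP lookup hosts, and uses the bot id from the extracted config above as a known-bad indicator. It flags exact matches on that bot id and, separately, any client that queries an IP lookup service and then calls the Telegram Bot API within a short window, the sequence Agent Tesla produces before exfiltrating.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Shape of the Telegram Bot API URL abused by Agent Tesla for exfiltration:
# https://api.telegram.org/bot<numeric bot id>:<35-char secret>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})"
    r"(?![A-Za-z0-9_-])(?:/(?P<method>[A-Za-z]+))?"
)

# Hosts behind the "looks up external IP address via web service" behaviour.
# Assumed list for this example; extend it from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Bot id taken from the extracted config on this report page (the part before the colon).
KNOWN_BAD_BOT_IDS = {"6387496510"}

# Constructed proxy log lines: "<date> <time> <client ip> <http method> <url> <status>".
SAMPLE_LOG = [
    "2024-03-26 09:12:01 10.0.0.15 GET http://api.ipify.org/ 200",
    "2024-03-26 09:12:04 10.0.0.15 POST https://api.telegram.org/bot6387496510:AAGzkvOV3EOvSZjPNfclsVSKq_tcdKpU-7o/sendDocument 200",
    f"2024-03-26 09:30:22 10.0.0.22 GET https://api.telegram.org/bot1234567890:{'A' * 35}/getMe 200",
    "2024-03-26 10:02:10 10.0.0.31 GET https://www.example.com/ 200",
    "2024-03-26 11:40:00 10.0.0.22 GET http://checkip.dyndns.org/ 200",
]


def parse_line(line):
    """Split one proxy log line into (timestamp, client, http method, url, status)."""
    date, time, client, method, url, status = line.split()
    return datetime.fromisoformat(f"{date} {time}"), client, method, url, int(status)


def host_of(url):
    return urlsplit(url).hostname or ""


def extract_bot_id(url):
    """Return the numeric bot id from a Telegram Bot API URL, or None if the URL is not one."""
    m = TELEGRAM_BOT_RE.search(url)
    return m.group("bot_id") if m else None


def find_telegram_bots(lines):
    """One record per request to the Telegram Bot API: bot id, API method, and IOC match."""
    hits = []
    for line in lines:
        ts, client, http_method, url, _ = parse_line(line)
        m = TELEGRAM_BOT_RE.search(url)
        if m:
            hits.append({
                "ts": ts, "client": client, "http_method": http_method,
                "bot_id": m.group("bot_id"), "api_method": m.group("method"),
                "known_bad": m.group("bot_id") in KNOWN_BAD_BOT_IDS,
            })
    return hits


def correlate_exfil(lines, window=timedelta(minutes=10)):
    """Clients that query an IP lookup service and then call the Telegram Bot API within `window`.
    The order matters: a Telegram call with no preceding lookup, or one hours later, is not flagged,
    which keeps legitimate chat-ops bots out of the result."""
    last_lookup = {}
    flagged = set()
    for line in sorted(lines, key=lambda l: parse_line(l)[0]):
        ts, client, _, url, _ = parse_line(line)
        if host_of(url) in IP_LOOKUP_HOSTS:
            last_lookup[client] = ts
        elif TELEGRAM_BOT_RE.search(url):
            seen = last_lookup.get(client)
            if seen is not None and timedelta(0) <= ts - seen <= window:
                flagged.add(client)
    return flagged


if __name__ == "__main__":
    for hit in find_telegram_bots(SAMPLE_LOG):
        print(hit)
    print("correlated exfil clients:", correlate_exfil(SAMPLE_LOG))
```

Matching on the numeric bot id rather than the full token is deliberate: when a Telegram bot token is revoked and reissued, the secret after the colon changes but the bot id does not, so the indicator survives token rotation. The shape match alone is low confidence because the Bot API has plenty of legitimate users; the IP-lookup-then-Telegram sequence is what raises it to something worth an analyst's time.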
Target: Archd/Spyhole.Sme (run in the behavioral tasks as Archd/Spyhole.ps1)
Size: 58KB
MD5: ac8beecc7660314f01c2961644545074
SHA1: f161d8c0e011582c36e5a8d0355a8592ed3f7b3a
SHA256: 6956b9513f7743bf415308c1bd2e3faea66cadea8def5ed34ad7beec98cfab1c
SHA512: 18f8753656898b6e211575cbf0c7e5fd604daa334221f1c1e2093bd7e6ae35cc30a83d6dc2df80c7b81ad04e1bb126eca6bac9e6aecfc57ac5465435bad206f4
SSDEEP: 1536:UER3wWFmHDVCv6YSwRJiEdvDtp12PSNPtILZLxpn:UERlFcQ1SwPtr2w2dxd
Score: 8/10
- Modifies Installed Components in the registry
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.