General
-
Target
fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.zip
-
Size
600KB
-
Sample
240326-q5p7zsbf32
-
MD5
d9608fa1b9b8f21f6d8eb3a8df548ca4
-
SHA1
3f43ab87492586fb02d946313258a7dfcf7c3633
-
SHA256
0ca1f4675b19e6709de68df24372b88c6f7322a6d2c25b4fd61bb7670e34b84d
-
SHA512
6049371f4f579cec7beca19a2412e08b7a1fa5b68d422b074394be44ac970f582b2ac1d63067f61f946fb0ca32f0fc0ca6d716535ff77e436576b7e5049233cf
-
SSDEEP
12288:MBJJjQZ8JuenoBdBbmB1XrDHIlbn4CUoEsfVbhpl5aJIFD:e/gEoBdG1XrL+bn4ifVbu6FD
Static task
static1
Behavioral task
behavioral1
Sample
fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.zip
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.exe
Resource
win7-20240319-en
Behavioral task
behavioral4
Sample
fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.starmech.in - Port:
587 - Username:
[email protected] - Password:
gaging@2022 - Email To:
[email protected]
Targets
-
-
Target
fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.zip
-
Size
600KB
-
MD5
d9608fa1b9b8f21f6d8eb3a8df548ca4
-
SHA1
3f43ab87492586fb02d946313258a7dfcf7c3633
-
SHA256
0ca1f4675b19e6709de68df24372b88c6f7322a6d2c25b4fd61bb7670e34b84d
-
SHA512
6049371f4f579cec7beca19a2412e08b7a1fa5b68d422b074394be44ac970f582b2ac1d63067f61f946fb0ca32f0fc0ca6d716535ff77e436576b7e5049233cf
-
SSDEEP
12288:MBJJjQZ8JuenoBdBbmB1XrDHIlbn4CUoEsfVbhpl5aJIFD:e/gEoBdG1XrL+bn4ifVbu6FD
Score1/10 -
-
-
Target
fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f.exe
-
Size
613KB
-
MD5
fca326ddaec93f996764280283e13ff6
-
SHA1
c1fd93944936ca86099bc20365295c96be975842
-
SHA256
fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f
-
SHA512
faa66593aed94623e8335c3b8293e953464ddf29595f6d6f02a787d5f9e52a1110ac0cfe41460af7bd6c48d1c5f202553d7ab22b83f1cc4b3ca5dccf37a00bc4
-
SSDEEP
12288:j5Fa5WOk38It4CQbEamjIqEAQrGI/P5Bch/wpbg2iQ7Kx0Jxn/:jVazzbEamMqEbvhBch8P7Gx0z
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-