General
-
Target
00db117ca052e69bb2cde67e8fafab75c786c5f064a43537a4cbfcd6a2366ca3
-
Size
838KB
-
Sample
240330-bwwk3sea6z
-
MD5
3487fcccd1544dbabaa2144ab6d5807a
-
SHA1
ac8d5d7724691faae52f3ab84b42732577b9f7eb
-
SHA256
00db117ca052e69bb2cde67e8fafab75c786c5f064a43537a4cbfcd6a2366ca3
-
SHA512
407ee5a94db98c03e8df9fd25f4caa4b70eb8d279b136cb8f65372065f6468a785880f9245c67e385017b0835c7c97f0f5eb248a48e7d887c0824181af5c0757
-
SSDEEP
12288:5nPdE2I8+NVtZJ4wCI6fndjQ079Y3d5p5mw9:lPdE2j2tZOfaE+Xp3
Static task
static1
Behavioral task
behavioral1
Sample
00db117ca052e69bb2cde67e8fafab75c786c5f064a43537a4cbfcd6a2366ca3.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
00db117ca052e69bb2cde67e8fafab75c786c5f064a43537a4cbfcd6a2366ca3.exe
Resource
win10v2004-20240319-en
Behavioral task
behavioral3
Sample
Pyrograph/Perikoner/Intermeasuring199/Skibshandlernes.ps1
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Pyrograph/Perikoner/Intermeasuring199/Skibshandlernes.ps1
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: cp8nl.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
Targets
-
Target
00db117ca052e69bb2cde67e8fafab75c786c5f064a43537a4cbfcd6a2366ca3
-
Size
838KB
-
MD5
3487fcccd1544dbabaa2144ab6d5807a
-
SHA1
ac8d5d7724691faae52f3ab84b42732577b9f7eb
-
SHA256
00db117ca052e69bb2cde67e8fafab75c786c5f064a43537a4cbfcd6a2366ca3
-
SHA512
407ee5a94db98c03e8df9fd25f4caa4b70eb8d279b136cb8f65372065f6468a785880f9245c67e385017b0835c7c97f0f5eb248a48e7d887c0824181af5c0757
-
SSDEEP
12288:5nPdE2I8+NVtZJ4wCI6fndjQ079Y3d5p5mw9:lPdE2j2tZOfaE+Xp3
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. The extracted configuration above is its exfiltration channel: stolen credentials and keystrokes are sent by SMTP through the listed mailbox rather than to a dedicated C2 server.
-
Legitimate hosting services abused for malware hosting/C2
The exfiltration mailbox in the extracted configuration is hosted on a commercial hosting provider (hyperhost.ua), so blocking by hosting reputation alone will not catch it.
-
Suspicious use of NtCreateThreadExHideFromDebugger
Creates threads with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER set, so they generate no debug events for an attached debugger (anti-analysis).
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger class (0x11), which detaches the calling thread from any attached debugger: breakpoints and exceptions in it are no longer delivered (anti-analysis).
-
Suspicious use of SetThreadContext
Rewrites the context of a thread in another process, typically a suspended child, to redirect execution into injected code; this is the core step of process hollowing (RunPE), the usual way a packed loader hands control to its unpacked payload.
-
Target
Pyrograph/Perikoner/Intermeasuring199/Skibshandlernes.Ove218
-
Size
58KB
-
MD5
161d266563cfa870571bd2a76a200777
-
SHA1
4dad793c0fc2ff315bd201e80cf414864bea5409
-
SHA256
33095bc104b3928f5a857d2572be6afe3b9890ae110cd9aaf52ceb6a29e943fd
-
SHA512
430418fa2d550afd8f616420020c1c3d452488d45ba0d0d1b1a296ecc21eca816810872adce077612f12f88a1130c111560cba48b6286f06fb9ac6305729980a
-
SSDEEP
768:X7Etn9kgxHh0sMNB7kPM2OdEpivZnGL3tZDPrKY1U4CibG3WCnct7dbmsd5apjk5:tgxHGD7kPLOd0My3vCiGHctn3l8i
Score 8/10
-
Modifies Installed Components in the registry
Writes under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components; the StubPath value of such a component is executed once for each user at their next logon, which makes it a persistence mechanism.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
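Two of the behaviours reported for this sample leave a straightforward host-telemetry footprint: the SMTP exfiltration channel in the extracted configuration (a non-mail process opening port 587 to cp8nl.hyperhost.ua) and the Installed Components write (a registry SetValue on an Active Setup StubPath). The following is an added example, not part of the Triage report, that runs both checks over constructed Sysmon-style events (Event ID 3 NetworkConnect and Event ID 13 RegistryEvent SetValue). The event records, process paths, destination names other than the configured C2 host, and the component GUID are made up for illustration, and the allowlist of mail clients is an assumption to be tuned per environment.

```python
import json
import re
from dataclasses import dataclass

# Indicators taken from the extracted Agent Tesla configuration in the report above.
C2_SMTP_HOST = "cp8nl.hyperhost.ua"
C2_SMTP_PORT = 587

# Processes that legitimately speak SMTP submission from a workstation
# (assumption for this example; tune to the environment).
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

# Active Setup persistence: a StubPath under Installed Components runs once per user at logon.
ACTIVE_SETUP_RE = re.compile(
    r"\\Software\\Microsoft\\Active Setup\\Installed Components\\[^\\]+\\StubPath$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Alert:
    rule: str
    image: str
    detail: str


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def check_network(ev):
    """Sysmon Event ID 3: flag any connection to the configured C2 host,
    and SMTP submission (587/tcp) from a process that is not a mail client."""
    if ev.get("EventID") != 3:
        return None
    image = _basename(ev.get("Image", ""))
    host = ev.get("DestinationHostname", "").lower()
    port = int(ev.get("DestinationPort", 0))
    if host == C2_SMTP_HOST:
        return Alert("agenttesla_smtp_c2", image, f"{host}:{port}")
    if port == C2_SMTP_PORT and image not in MAIL_CLIENT_ALLOWLIST:
        return Alert("smtp_submission_from_nonmail_process", image, f"{host}:{port}")
    return None


def check_registry(ev):
    """Sysmon Event ID 13 (SetValue): flag writes to an Active Setup StubPath."""
    if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
        return None
    target = ev.get("TargetObject", "")
    if ACTIVE_SETUP_RE.search(target):
        return Alert("active_setup_stubpath_write", _basename(ev.get("Image", "")),
                     f"{target} = {ev.get('Details', '')}")
    return None


def scan(events):
    """Run every check over every event and return the alerts in event order."""
    alerts = []
    for ev in events:
        for check in (check_network, check_registry):
            alert = check(ev)
            if alert:
                alerts.append(alert)
    return alerts


def load_events(text):
    """One JSON object per line, using Sysmon field names."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


# Constructed sample telemetry (not from the sandbox run): the loader's PowerShell process
# mails out over the configured channel and installs an Active Setup component; the other
# three events are benign look-alikes that the rules must not flag.
SAMPLE_LOG = r"""
{"EventID": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationHostname": "cp8nl.hyperhost.ua", "DestinationPort": 587, "Protocol": "tcp"}
{"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationHostname": "smtp.office365.com", "DestinationPort": 587, "Protocol": "tcp"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationHostname": "mail.example.net", "DestinationPort": 587, "Protocol": "tcp"}
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{00000000-1111-2222-3333-444444444444}\\StubPath", "Details": "C:\\Users\\victim\\AppData\\Roaming\\Skibshandlernes.exe"}
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive", "Details": "C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"}
"""

if __name__ == "__main__":
    for a in scan(load_events(SAMPLE_LOG)):
        print(f"[{a.rule}] {a.image}: {a.detail}")
```

The third event shows why the port rule is kept separate from the host match: once the mailbox in this configuration is burned, the next build will point at a different provider, but a non-mail process doing SMTP submission from a workstation remains unusual and is worth an alert on its own.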