General
Target: 7971d20d1b569b51e56f37fc734a1c81.bin
Size: 571KB
Sample: 240405-bv9rbagd41
MD5: aa719668b1165ed961dc33231b856688
SHA1: 122c259fe1c5a9082f8691357c36b18a639d0431
SHA256: 545c9b0499ec2a2e5503d72d76954ed020e63a290895cb3fcd4f382a2496b31a
SHA512: aad2592f065e3f02ba9bf85dbc080b05b364524166dfa2cebc68de9d753d51db713f7630c8132bcf32c4240916068893cec727102f32d6789329b0b07d9f8bd7
SSDEEP: 12288:tFamtIAtNGMoQabmnknqhTv/U09s/vYbtqDUfasiO76H3M4Ef/x4G58:7ptI+NGMo9mnWqtceAeqDAC3le/xq
Static task: static1
Behavioral task: behavioral1
  Sample: 3137663df90055b5c2dd92ff91ed1a0edc6965dbd50f83578643c727b36b060b.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 3137663df90055b5c2dd92ff91ed1a0edc6965dbd50f83578643c727b36b060b.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: Borteskamoteringers/Fridtjof.ps1
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: Borteskamoteringers/Fridtjof.ps1
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: cp8nl.hyperhost.ua
  Port: 587
  Username: [email protected]
  Password: 7213575aceACE@#$
  Email To: [email protected]
Targets

Target: 3137663df90055b5c2dd92ff91ed1a0edc6965dbd50f83578643c727b36b060b.exe
Size: 652KB
MD5: 7971d20d1b569b51e56f37fc734a1c81
SHA1: 3c1a1fa66cd9890c8e0021853d39ab7b3aefc5c7
SHA256: 3137663df90055b5c2dd92ff91ed1a0edc6965dbd50f83578643c727b36b060b
SHA512: 6efbec26eebfcaeed965a46ab22f4870fc6fa93d09818c7cf03782f34c8a768b4defa5b9b1f347ef41798df82c725a3f5a402793d977e6d791fe5b857d36c6a4
SSDEEP: 12288:nXRAvufNFTr7L/R90rJ2RPBY+K9Yc65vpNpqwDwmuu6TNxFu+i:nXRyUNJr7L30N2RJXKz65vprPqu6hxF+
Signatures:
  AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  Legitimate hosting services abused for malware hosting/C2
  Drops file in System32 directory
  Suspicious use of NtCreateThreadExHideFromDebugger
  Suspicious use of NtSetInformationThreadHideFromDebugger
  Suspicious use of SetThreadContext

Target: Borteskamoteringers/Fridtjof.Bea
Size: 58KB
MD5: b747bba9cd5ec658f83a8f004b9ddc9b
SHA1: eb25e589a4de7af6afd91ccaf9c12f30aaf3c67a
SHA256: 4fc178d7b0c912917422d5259e796c28f38a765bc3f56fa14df7480b49a0f2f2
SHA512: 7e115a0e8cc9b16cd7eeafc6aa6635815763384ab543bb92308c197af849a49e9109f775652151617dc094862313109830091f5d203f582a887595b81b875d9e
SSDEEP: 1536:ft7VcOuMK0tpHzCNB2PPEcs2WlyRRpAbeKbKCU:f7QgJzMB2kcs2qHbeKuCU
Score: 8/10
Signatures:
  Modifies Installed Components in the registry
  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.