General
- Target: f4a8a8e08a2affa00789cb4161fb05c2.bin
- Size: 640KB
- Sample: 240425-cxqxnadf33
- MD5: 09be529324549714a74591ec9507cfcb
- SHA1: 803f23fa75fc17aa07adffce32f001ae8c7fd24d
- SHA256: afa6c3d7ad8dd1549ebfc7ba04328b301b080aa20531b9a522bf954f680a1709
- SHA512: 9dd80cfa2d61f0eb1759780b50f40ae9b013bb00dc6d5ecc0a7c9f262f0d13c94cdefdb99b51a4c1359a2adf85be8575c1072da557395a0ad07a1f4da08644dc
- SSDEEP: 12288:964WMdX8bUSs+oJnP+lQkcckprv2utWNUsOWZ6dSVegilkBx6aOTYD40:964pV8oXnWyXvrv2ut2UJTdSVegZ25S
Static task: static1
Behavioral task: behavioral1
- Sample: BARSYL SHIPPING Co (VIETNAM).exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: BARSYL SHIPPING Co (VIETNAM).exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.starmech.net
- Port: 587
- Username: [email protected]
- Password: nics123
- Email To: [email protected]
Targets
- Target: BARSYL SHIPPING Co (VIETNAM).exe
- Size: 669KB
- MD5: 5385333a8618dac516b8b33b0bbf11a1
- SHA1: 3a1171327abe7aefeb85914afae6ec6c8bfbe6e0
- SHA256: 6c06c665c435cf95787310f59e984006711d50bf091ae610cb4440abae1448c4
- SHA512: 0392fd0fc5f79b8c19655d279e882bf7cd83a4d841d1bf1f1845997396368734866f47d06c19fa0da48ecc305d2113611f65153e07ff6aae0c99a8137e9e3cea
- SSDEEP: 12288:x4WzE3RYDR05N+rTd2/6pjhHyKj1jb9WKhsq9Q/V8pekTGzd2S96QKNe:1WR03BAWj0Kj17YV8petwsK
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext