General

Target: SecuriteInfo.com.Variant.Ransom.Loki.19527.9895.18577.exe
Size: 997KB
Sample: 240425-lfbk3shd8s
MD5: cd6222a478ab6d10ad8580a791d311c2
SHA1: 0219966f1b45dc289dade12d868b92478c18d120
SHA256: a74b536fee9f0b123007a407dc96d6f6b5ade2c67532936666dc9ed345cf279c
SHA512: d68b5281364de90c93580a66c5b73c8618d0eac71455b3f81892d96ec53dde83bc185ac907fa6223039a2b86537f5114d50d5213dbc675f9bffa0d9f64d03019
SSDEEP: 12288:J3EGYeYIPXjpU4t4Kj5JQWlBcNwf1ISsfNUMc/YtWW6lmtlLkNJDSg0J4bakJQZN:J3EbeYIPrF5p7tISsmMeW2mfkrLMf
Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Ransom.Loki.19527.9895.18577.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Ransom.Loki.19527.9895.18577.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: godwillxzn.com
Port: 587
Username: [email protected]
Password: )F5u#OofP_eq
Email To: [email protected]
Targets

Target: SecuriteInfo.com.Variant.Ransom.Loki.19527.9895.18577.exe
Size: 997KB
MD5: cd6222a478ab6d10ad8580a791d311c2
SHA1: 0219966f1b45dc289dade12d868b92478c18d120
SHA256: a74b536fee9f0b123007a407dc96d6f6b5ade2c67532936666dc9ed345cf279c
SHA512: d68b5281364de90c93580a66c5b73c8618d0eac71455b3f81892d96ec53dde83bc185ac907fa6223039a2b86537f5114d50d5213dbc675f9bffa0d9f64d03019
SSDEEP: 12288:J3EGYeYIPXjpU4t4Kj5JQWlBcNwf1ISsfNUMc/YtWW6lmtlLkNJDSg0J4bakJQZN:J3EbeYIPrF5p7tISsmMeW2mfkrLMf
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Suspicious use of SetThreadContext