General
- Target: 0d63eafe7f4eebd3b782dd262da6fa3e562c420e0ecfff540ee1a9c5a76b0f99.exe
- Size: 824KB
- Sample: 240609-l245hshg83
- MD5: 557d44cc5e33ac15ef0b659e5e58433d
- SHA1: 389c0e121ee86c95c31915b54489e278a800b76d
- SHA256: 0d63eafe7f4eebd3b782dd262da6fa3e562c420e0ecfff540ee1a9c5a76b0f99
- SHA512: ed6cfd791b7367f065c4f278d70288961bd01de010648776be6351aec2822b3080b72343cff5a8ab6d73a5131b73a02d03a3274f8b98cdf2433191a50e8596b4
- SSDEEP: 12288:0Y4eAXsAvV7ihwdVUuRhnMLCke0euDme6ocbosxyc:EeAXsmV7Ywk+n0Cz0sEc0cv
Static task: static1
Behavioral task: behavioral1
  Sample: 0d63eafe7f4eebd3b782dd262da6fa3e562c420e0ecfff540ee1a9c5a76b0f99.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0d63eafe7f4eebd3b782dd262da6fa3e562c420e0ecfff540ee1a9c5a76b0f99.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/BgImage.dll
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/BgImage.dll
  Resource: win10v2004-20240508-en
Behavioral task: behavioral5
  Sample: $PLUGINSDIR/nsDialogs.dll
  Resource: win7-20240220-en
Behavioral task: behavioral6
  Sample: $PLUGINSDIR/nsDialogs.dll
  Resource: win10v2004-20240426-en
Malware Config
Extracted
  Protocol: ftp
  Host: backup.smartape.ru
  Port: 21
  Username: user894492
  Password: w6NZOdcSkH1a
Extracted
  Family: agenttesla
  Protocol: ftp
  Host: ftp://backup.smartape.ru
  Port: 21
  Username: user894492
  Password: w6NZOdcSkH1a
Targets
- Target: 0d63eafe7f4eebd3b782dd262da6fa3e562c420e0ecfff540ee1a9c5a76b0f99.exe
- Size: 824KB
- MD5: 557d44cc5e33ac15ef0b659e5e58433d
- SHA1: 389c0e121ee86c95c31915b54489e278a800b76d
- SHA256: 0d63eafe7f4eebd3b782dd262da6fa3e562c420e0ecfff540ee1a9c5a76b0f99
- SHA512: ed6cfd791b7367f065c4f278d70288961bd01de010648776be6351aec2822b3080b72343cff5a8ab6d73a5131b73a02d03a3274f8b98cdf2433191a50e8596b4
- SSDEEP: 12288:0Y4eAXsAvV7ihwdVUuRhnMLCke0euDme6ocbosxyc:EeAXsmV7Ywk+n0Cz0sEc0cv
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Target: $PLUGINSDIR/BgImage.dll
- Size: 7KB
- MD5: ee255bdf426349e1caa8f1b71de9fd22
- SHA1: d589773826620046df1d77dd148f819a88dd35ec
- SHA256: a45f294137e2b0f6092eee8fdd2e19334f34ff3640d865a810b70f2104e92c21
- SHA512: 71eeb41b5816b7d0f9517264aaf026da878561b6a222064c8100e47c383de9ac369800b734468322f3a6fc3eedb1a23d3c5ca6874bd7bf84af08f395248872cc
- SSDEEP: 96:8ePik1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uTc4j7J3kWyy/:tPdTJa2roqJyA2EN8diuTJje
- Score: 1/10
- Target: $PLUGINSDIR/nsDialogs.dll
- Size: 9KB
- MD5: dbdbf4017ff91c9de328697b5fd2e10a
- SHA1: b597a5e9a8a0b252770933feed51169b5060a09f
- SHA256: be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36
- SHA512: 3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10
- SSDEEP: 96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI
- Score: 3/10