General

  • Target: DarkChecker.exe
  • Size: 5.0MB
  • Sample: 240625-lry6hsvhpk
  • MD5: 0b7923e4fc46bd3439901d869d27e770
  • SHA1: 009322a017fbd1c21221bef41ce054c305ab5df5
  • SHA256: 7e84b079231a680e0b87c5a25b89f0ebb820a93ccf2832a564baa7164f65ebe8
  • SHA512: db95550a2871a515d17860912277013e81df5ddb4f4b4a95126ed227112c89500d075fed4ebcd49f66048e49264be679553e7738d544bbbda8fd47091a84efac
  • SSDEEP: 98304:QqwkEh/uIg7f8BLmS1qa6MtWZYhN+4owkoUtoobUpUjdd5qeGEN2wektRADO0p:QqwkEIIgL8pV1qa6Mt/hN+4on2WUm0qE

Malware Config

Targets

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • AgentTesla payload
    • Nirsoft
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks