General
-
Target
DarkChecker.exe
-
Size
5.0MB
-
Sample
240625-lry6hsvhpk
-
MD5
0b7923e4fc46bd3439901d869d27e770
-
SHA1
009322a017fbd1c21221bef41ce054c305ab5df5
-
SHA256
7e84b079231a680e0b87c5a25b89f0ebb820a93ccf2832a564baa7164f65ebe8
-
SHA512
db95550a2871a515d17860912277013e81df5ddb4f4b4a95126ed227112c89500d075fed4ebcd49f66048e49264be679553e7738d544bbbda8fd47091a84efac
-
SSDEEP
98304:QqwkEh/uIg7f8BLmS1qa6MtWZYhN+4owkoUtoobUpUjdd5qeGEN2wektRADO0p:QqwkEIIgL8pV1qa6Mt/hN+4on2WUm0qE
Static task
static1
Behavioral task
behavioral1
Sample
DarkChecker.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
DarkChecker.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
DarkChecker.exe
-
Size
5.0MB
-
MD5
0b7923e4fc46bd3439901d869d27e770
-
SHA1
009322a017fbd1c21221bef41ce054c305ab5df5
-
SHA256
7e84b079231a680e0b87c5a25b89f0ebb820a93ccf2832a564baa7164f65ebe8
-
SHA512
db95550a2871a515d17860912277013e81df5ddb4f4b4a95126ed227112c89500d075fed4ebcd49f66048e49264be679553e7738d544bbbda8fd47091a84efac
-
SSDEEP
98304:QqwkEh/uIg7f8BLmS1qa6MtWZYhN+4owkoUtoobUpUjdd5qeGEN2wektRADO0p:QqwkEIIgL8pV1qa6Mt/hN+4on2WUm0qE
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-