General
Target: 3bcc155f5bc7b6b5f5a4df83363b57e52ce7e8b88c2ed695023b057874b12849
Size: 355KB
Sample: 240803-bmcfvaxhrp
MD5: 1dffa9d5b1d33095977375b1aecf4f2b
SHA1: 1e9172d8822d3477393db4f8c35aa0733eab7bf9
SHA256: 3bcc155f5bc7b6b5f5a4df83363b57e52ce7e8b88c2ed695023b057874b12849
SHA512: 66d0ccd7bca497a649fefaab0b5d5675eee49d546644334f5e41cda12705a7e65b6ef52cb449dcc7f95e85a3f6bd5926acb9df4d648b28d9a4e45f3b6bfdd710
SSDEEP: 6144:CbeI1OYuG0Lahya/QYMAsYL8wgs3tgbp9PkBqQ0IqQ5FgL:XeUeQYMAsYL8wgs9QpkqpIqQ
Behavioral task: behavioral1
Sample: 3bcc155f5bc7b6b5f5a4df83363b57e52ce7e8b88c2ed695023b057874b12849.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3bcc155f5bc7b6b5f5a4df83363b57e52ce7e8b88c2ed695023b057874b12849.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot7390139954:AAFw-89dzufZnN9iQ-qMJ7xuGsXRrzvXAEI/
Extracted: redline
Newlogs
204.14.75.2:16383
Targets
Target: 3bcc155f5bc7b6b5f5a4df83363b57e52ce7e8b88c2ed695023b057874b12849
Size: 355KB
MD5: 1dffa9d5b1d33095977375b1aecf4f2b
SHA1: 1e9172d8822d3477393db4f8c35aa0733eab7bf9
SHA256: 3bcc155f5bc7b6b5f5a4df83363b57e52ce7e8b88c2ed695023b057874b12849
SHA512: 66d0ccd7bca497a649fefaab0b5d5675eee49d546644334f5e41cda12705a7e65b6ef52cb449dcc7f95e85a3f6bd5926acb9df4d648b28d9a4e45f3b6bfdd710
SSDEEP: 6144:CbeI1OYuG0Lahya/QYMAsYL8wgs3tgbp9PkBqQ0IqQ5FgL:XeUeQYMAsYL8wgs9QpkqpIqQ
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
SectopRAT payload
Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copying of, the web browser credential store.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Deletes itself
Executes dropped EXE
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Matrix (ATT&CK v13)
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 4
Credentials In Files: 3
Credentials in Registry: 1