General
Target: e060a4eef10b31461b76790e52e1f59a76ce72b6ce114cfdb85a6a2344d9bd81
Size: 360KB
Sample: 240803-bxna4aydjr
MD5: f170c70e0200dabc5a707384aaad89a0
SHA1: b465ec3eef47a2dfb7dab6f6142c8e1ed6768ed6
SHA256: e060a4eef10b31461b76790e52e1f59a76ce72b6ce114cfdb85a6a2344d9bd81
SHA512: dfcd526816652da14ffd8b2f90ad8becc5a3b409a7199bf95f236e895715bf74cb1bc0bcaf25c9d9ebd556d4b62f1c358f1b14425c71a5dd06becbc01691558f
SSDEEP: 6144:fbeI1OYuG0Lahya/QYMAsYL8wgs3tgbp9PkBqQ0IqQ5FgL:aeUeQYMAsYL8wgs9QpkqpIqQ
Behavioral task: behavioral1
Sample: DESIGN LOGO.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: DESIGN LOGO.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
    https://api.telegram.org/bot7390139954:AAFw-89dzufZnN9iQ-qMJ7xuGsXRrzvXAEI/
Extracted: redline
    Newlogs
    204.14.75.2:16383
Targets
Target: DESIGN LOGO.exe
Size: 355KB
MD5: 1dffa9d5b1d33095977375b1aecf4f2b
SHA1: 1e9172d8822d3477393db4f8c35aa0733eab7bf9
SHA256: 3bcc155f5bc7b6b5f5a4df83363b57e52ce7e8b88c2ed695023b057874b12849
SHA512: 66d0ccd7bca497a649fefaab0b5d5675eee49d546644334f5e41cda12705a7e65b6ef52cb449dcc7f95e85a3f6bd5926acb9df4d648b28d9a4e45f3b6bfdd710
SSDEEP: 6144:CbeI1OYuG0Lahya/QYMAsYL8wgs3tgbp9PkBqQ0IqQ5FgL:XeUeQYMAsYL8wgs9QpkqpIqQ
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Matrix (ATT&CK v13)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (3)
  - Credentials in Registry (1)