General

  • Target

    bashoo.exe

  • Size

    35KB

  • Sample

    240921-zsk7yatdnr

  • MD5

    2db9421577d39c8fdeaab542ee35f483

  • SHA1

    346d5db7df5cdbb843e9df60724a55e70a51c018

  • SHA256

    9329ac7ceda44f47a90f67ef1e12add90fddb97bbf1be96a6e3e6f66a7002187

  • SHA512

    7931796900ba0573733d240d5252d15a4957b1c6251ea359fcfb1c8ef11607948210c2484356b831659158d575c0f848a0b6886b6e177a83370b9c6d0c842969

  • SSDEEP

    384:XZirz04kYcm5oRVPUn30CDG1iZMJSalHXeqZhsWIgDWsjxZUtO4f54A:Mi+5uVPUn30gGEZQH5SAXJ4f54A

Malware Config

Targets

    • Target

      bashoo.exe

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic (VB.NET).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer.

    • Adds Run key to start application
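The "UPX packed file" signature above is a static check. One way to reproduce it is to parse the PE section table and look for the section names UPX leaves behind, falling back to the `UPX!` packheader marker that modified builds often keep even after renaming sections. The code below is an added example, not the sandbox's own detector; the minimal PE it builds is constructed in-line so the check runs offline (it is a header-only container, not a runnable binary), and the names `pe_section_names`, `is_upx_packed` and `build_sample_pe` are this example's own.

```python
"""Static UPX detection by PE section names and the 'UPX!' marker.

Added example, not the sandbox's detector. The PE container built by
build_sample_pe() is constructed for the demonstration only.
"""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"  # packheader magic written by UPX


def pe_section_names(data: bytes) -> list:
    """Return the 8-byte section names of a PE image given its raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        off = sec_table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, name first
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """True if the image carries stock UPX section names or the UPX! marker."""
    if set(pe_section_names(data)) & UPX_SECTION_NAMES:
        return True
    # Modified UPX builds commonly rename sections but keep the packheader
    return UPX_MARKER in data


def build_sample_pe(section_names: list, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE container with the given section names.

    Enough header for the parser above; it is not a loadable executable.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # 64 bytes
    opt = b"\x0b\x01" + b"\0" * 222  # PE32 magic 0x10b plus padding, 224 bytes
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + trailer


if __name__ == "__main__":
    packed = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])
    renamed = build_sample_pe([b".text", b".data"], trailer=b"\0" * 16 + b"UPX!" + b"\0" * 4)
    clean = build_sample_pe([b".text", b".data", b".rsrc"])
    for label, img in (("stock UPX", packed), ("renamed sections", renamed), ("unpacked", clean)):
        print(f"{label}: sections={pe_section_names(img)} upx={is_upx_packed(img)}")
```

The marker fallback is deliberately loose: any file that happens to contain the bytes `UPX!` will trip it, so treat it as a hint to try `upx -d` (which only works on unmodified UPX) or a manual unpack, not as proof on its own.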
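The "Adds Run key to start application" signature is a behavioural one: it fires when the sample writes a value under an autostart key. The detection below is an added example of the same logic over registry SetValue events, not the sandbox's own rule; the log lines are constructed in the style of Sysmon Event ID 13 (key=value fields), the SID and paths in them are made up, and `parse_event`, `find_run_key_persistence` and `SUSPICIOUS_DIRS` are this example's own names. It goes a step beyond the signature by also flagging autostart commands that point into user-writable directories, which is how an analyst separates the sample's entry from a vendor updater's.

```python
"""Run-key persistence detection over registry SetValue events.

Added example, not the sandbox's signature. SAMPLE_EVENTS are constructed
Sysmon-style (Event ID 13) lines for demonstration.
"""
import re

# Autostart keys under ...\CurrentVersion: Run, RunOnce, RunOnceEx (any hive)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx)(?:\\|$)", re.I)
# Directories a legitimate installer rarely uses for an autostart binary
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

SAMPLE_EVENTS = [  # constructed
    # the sample registering itself from a user-writable directory
    "EventID=13 EventType=SetValue Image=C:\\Users\\victim\\AppData\\Roaming\\bashoo.exe "
    "TargetObject=HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\bashoo "
    "Details=C:\\Users\\victim\\AppData\\Roaming\\bashoo.exe",
    # a vendor installer registering an updater from Program Files
    "EventID=13 EventType=SetValue Image=C:\\Program Files\\Vendor\\setup.exe "
    "TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdater "
    "Details=C:\\Program Files\\Vendor\\updater.exe",
    # a registry write outside any autostart key
    "EventID=13 EventType=SetValue Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Startup "
    "Details=C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
    # key creation only (Event ID 12), no value written yet
    "EventID=12 EventType=CreateKey Image=C:\\Users\\victim\\AppData\\Roaming\\bashoo.exe "
    "TargetObject=HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]


def parse_event(line: str) -> dict:
    """Split a 'Field=value Field=value' line; values may contain spaces."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def find_run_key_persistence(lines) -> list:
    """Return one record per value written under a Run/RunOnce key."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13" or ev.get("EventType") != "SetValue":
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        command = ev.get("Details", "")
        hits.append({
            "value_name": target.rsplit("\\", 1)[-1],
            "key": target,
            "command": command,
            "writer": ev.get("Image", ""),
            "suspicious_path": any(d in command.lower() for d in SUSPICIOUS_DIRS),
        })
    return hits


if __name__ == "__main__":
    for hit in find_run_key_persistence(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if hit["suspicious_path"] else "review"
        print(f"[{flag}] {hit['value_name']} -> {hit['command']} (written by {hit['writer']})")
```

The path heuristic is a triage aid, not a verdict: plenty of legitimate software auto-starts from AppData, so the record keeps the writing process and full key so the analyst can pivot on them.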

MITRE ATT&CK Enterprise v15

Tasks