General
-
Target
bashoo.exe
-
Size
35KB
-
Sample
240921-zsk7yatdnr
-
MD5
2db9421577d39c8fdeaab542ee35f483
-
SHA1
346d5db7df5cdbb843e9df60724a55e70a51c018
-
SHA256
9329ac7ceda44f47a90f67ef1e12add90fddb97bbf1be96a6e3e6f66a7002187
-
SHA512
7931796900ba0573733d240d5252d15a4957b1c6251ea359fcfb1c8ef11607948210c2484356b831659158d575c0f848a0b6886b6e177a83370b9c6d0c842969
-
SSDEEP
384:XZirz04kYcm5oRVPUn30CDG1iZMJSalHXeqZhsWIgDWsjxZUtO4f54A:Mi+5uVPUn30gGEZQH5SAXJ4f54A
Behavioral task
behavioral1
Sample
bashoo.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bashoo.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
bashoo.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Adds Run key to start application
-