General
- Target: 4d530eb7103ec1921ee6d96f8ce1d198383e37c031d48e7f370075f64fd23e8c
- Size: 3.3MB
- Sample: 241109-xwferazgqm
- MD5: efdc8557cc13ef260474a9cb23518c72
- SHA1: 899c491c3f584d4dc0c8ce49560e832db24003bc
- SHA256: 4d530eb7103ec1921ee6d96f8ce1d198383e37c031d48e7f370075f64fd23e8c
- SHA512: bb6a2e34f8c4a424e636bed4a3e0deb6f0fd6deb8dbc8c6fbffb6298b0a1bf224ba843e67d4f4b142b20329fbf615c4e261155fecc94c03524eb056945965d4b
- SSDEEP: 98304:bfjY2wHWOTNoCulTmmMJ1n0WUFm5/sUm4s0ioSDu:b7XdOTNop4mG0WwK/W4sToSS
Static task
- static1
Behavioral tasks
- behavioral1: Sample New folder/08db9ff2e3e0d4b4eae7de9bb07e0fd7c64ed74954e2cf5766fc2e23a0db7d8d.bat, Resource win7-20240903-en
- behavioral2: Sample New folder/08db9ff2e3e0d4b4eae7de9bb07e0fd7c64ed74954e2cf5766fc2e23a0db7d8d.bat, Resource win10v2004-20241007-en
- behavioral3: Sample New folder/8a4b9fbacd8e070cdef780edf587a22f93e4d0a2d11f99637b53cf64596699df.bat, Resource win7-20241010-en
- behavioral4: Sample New folder/8a4b9fbacd8e070cdef780edf587a22f93e4d0a2d11f99637b53cf64596699df.bat, Resource win10v2004-20241007-en
- behavioral5: Sample New folder/fab9a387bb96927cbd244960956e4b0afc3b30bee530a52e4c37b7bc787804e9.bat, Resource win7-20241023-en
- behavioral6: Sample New folder/fab9a387bb96927cbd244960956e4b0afc3b30bee530a52e4c37b7bc787804e9.bat, Resource win10v2004-20241007-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.hitechmineral.com
- Port: 587
- Username: [email protected]
- Password: parvezhitech1978
- Email To: [email protected]
Targets

Target: New folder/08db9ff2e3e0d4b4eae7de9bb07e0fd7c64ed74954e2cf5766fc2e23a0db7d8d.bat
- Size: 1.1MB
- MD5: ab0d98e0b9af05d94e139284507c0d3b
- SHA1: 0d3297b0a0bce6f0dde0b91146a66ed78c9b9d2c
- SHA256: 08db9ff2e3e0d4b4eae7de9bb07e0fd7c64ed74954e2cf5766fc2e23a0db7d8d
- SHA512: f260e37db9c406ba6a6ae5c1472def4e545af5366e9d514066470d7a8506b85f01ce6a1ee274d7cf137a11684268379cddeab8f055ffe75d150b264fdee1884c
- SSDEEP: 24576:w9vetj7JB95zNrhS01VX3LBc41Y35qdJQhgjGlCG9LuPQV+J7zrzLElSmRxx7o:jrXn+30QeGoU4TElSr
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Suspicious use of SetThreadContext

Target: New folder/8a4b9fbacd8e070cdef780edf587a22f93e4d0a2d11f99637b53cf64596699df.bat
- Size: 2.1MB
- MD5: a5a4c0545136eb52dd37437623238dd6
- SHA1: 3b8864445bac90d1ce0e4ff9b9bb8641728371d1
- SHA256: 8a4b9fbacd8e070cdef780edf587a22f93e4d0a2d11f99637b53cf64596699df
- SHA512: 69b7d50551e7352d131390e1d70b74568e7ad4b7e66eebb8217aa22bd694249495f8933aa9fe14514d2f2ba039fee95e0090407369c84fd09003cd8f075a05a8
- SSDEEP: 49152:HV/aYoonKuRO7Ci2BBVvI/W1yLNh+lMcs:y
Score: 8/10
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext

Target: New folder/fab9a387bb96927cbd244960956e4b0afc3b30bee530a52e4c37b7bc787804e9.bat
- Size: 1.2MB
- MD5: 3facdad0ee9326a9fe96750fd6882fec
- SHA1: e13554f1e181271f441d7ccea3f7df2ae3e47b86
- SHA256: fab9a387bb96927cbd244960956e4b0afc3b30bee530a52e4c37b7bc787804e9
- SHA512: 02647213a32a323c4b2328641a1f4969ae30e66d31ca9c1629466b1ee7dfb9cb7abb08c2ab070e60a514f4167e39988eb21ffdf02c33f164e39a942b312e8244
- SSDEEP: 24576:Ldj7jHnhLUJXBLqjfauCZB1wl9UITPPo6jNQQrccVuS8rSE1try6Q+xO7IM:h0XBe20xPg6wxJK
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (2)
- Hidden Files and Directories (2)
- Modify Registry (1)