General
- Target: a7d2ea641dbc8e50000e6b42c9cca200fa25d5e37ddd1857eb489795ab5564ee
- Size: 870KB
- Sample: 240627-qvrm3atdqd
- MD5: 95dc64015aa43a27412f7ff0979c5b87
- SHA1: bde0ae97f4f98c0dd8a0833702ff073befbec268
- SHA256: a7d2ea641dbc8e50000e6b42c9cca200fa25d5e37ddd1857eb489795ab5564ee
- SHA512: 450a8ba7eb3c3178b5567b692d55518d393af5d971bb22ab13e1c9078c9ea389f1a9e28d391a8882ef8d1b99972ec27af64fa2c7aa8fa79c9c0d2423d0176d10
- SSDEEP: 12288:XcIjd3nQIQsk3na+QiLPTEYLwdLh5d2tqnXQJgcCp8vGiVIkk84n5QWrV:XcIjUna3iLtwb/2tWXMi2rq7nHB
Static task
- static1

Behavioral tasks
- behavioral1: Sample a7d2ea641dbc8e50000e6b42c9cca200fa25d5e37ddd1857eb489795ab5564ee.exe, Resource win7-20240611-en
- behavioral2: Sample a7d2ea641dbc8e50000e6b42c9cca200fa25d5e37ddd1857eb489795ab5564ee.exe, Resource win10v2004-20240508-en
- behavioral3: Sample $PLUGINSDIR/System.dll, Resource win7-20240220-en
- behavioral4: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20240611-en
- behavioral5: Sample Absorbable.sul, Resource win7-20240611-en
- behavioral6: Sample Absorbable.sul, Resource win10v2004-20240508-en
- behavioral7: Sample Beskikningers/Misaimed.vin, Resource win7-20240221-en
- behavioral8: Sample Beskikningers/Misaimed.vin, Resource win10v2004-20240508-en
- behavioral9: Sample Beskikningers/Randon17.vgr, Resource win7-20240419-en
- behavioral10: Sample Beskikningers/Randon17.vgr, Resource win10v2004-20240611-en
- behavioral11: Sample Beskikningers/keelhauls.scr, Resource win7-20240508-en
- behavioral12: Sample Beskikningers/keelhauls.scr, Resource win10v2004-20240508-en
- behavioral13: Sample Beskikningers/primaveksel.txt, Resource win7-20240611-en
- behavioral14: Sample Beskikningers/primaveksel.txt, Resource win10v2004-20240508-en
- behavioral15: Sample Beskikningers/skohornet.ser, Resource win7-20240611-en
- behavioral16: Sample Beskikningers/skohornet.ser, Resource win10v2004-20240508-en
- behavioral17: Sample Beskikningers/temperatures.ref, Resource win7-20240221-en
- behavioral18: Sample Beskikningers/temperatures.ref, Resource win10v2004-20240611-en
- behavioral19: Sample Besttelsestropper.hov, Resource win7-20240611-en
- behavioral20: Sample Besttelsestropper.hov, Resource win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.epressong.com
- Port: 587
- Username: [email protected]
- Password: nFMLKCvO3
- Email To: [email protected]
Targets

Target: a7d2ea641dbc8e50000e6b42c9cca200fa25d5e37ddd1857eb489795ab5564ee
- Size: 870KB
- MD5: 95dc64015aa43a27412f7ff0979c5b87
- SHA1: bde0ae97f4f98c0dd8a0833702ff073befbec268
- SHA256: a7d2ea641dbc8e50000e6b42c9cca200fa25d5e37ddd1857eb489795ab5564ee
- SHA512: 450a8ba7eb3c3178b5567b692d55518d393af5d971bb22ab13e1c9078c9ea389f1a9e28d391a8882ef8d1b99972ec27af64fa2c7aa8fa79c9c0d2423d0176d10
- SSDEEP: 12288:XcIjd3nQIQsk3na+QiLPTEYLwdLh5d2tqnXQJgcCp8vGiVIkk84n5QWrV:XcIjUna3iLtwb/2tWXMi2rq7nHB
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 55a26d7800446f1373056064c64c3ce8
- SHA1: 80256857e9a0a9c8897923b717f3435295a76002
- SHA256: 904fd5481d72f4e03b01a455f848dedd095d0fb17e33608e0d849f5196fb6ff8
- SHA512: 04b8ab7a85c26f188c0a06f524488d6f2ac2884bf107c860c82e94ae12c3859f825133d78338fd2b594dfc48f7dc9888ae76fee786c6252a5c77c88755128a5b
- SSDEEP: 192:MPtkumJX7zBE2kGwfy9S9VkPsFQ1Mx1c:97O2k5q9wA1Mxa
- Score: 3/10

Target: Absorbable.sul
- Size: 816KB
- MD5: 6593de223564535ce11d13bfb74348ca
- SHA1: 5d85af6a3877470118ddac318a131c7eb2498bb2
- SHA256: a57cb464f48b61e87ed20832f2d6eae93c2669bb13850cb6186248e9b597364c
- SHA512: f0b85a3f75268cb4b08ff7fc18a631acc4c1d9e8aca804b9ed8dfc186789bf930467f1c2ae2dcc769ac200557d4ff01abda80ea17ce622488d56c264d2941e3f
- SSDEEP: 768:ONjfRwbxYsn1KxrM/MRos6Yumut+ud9j4f7lzZnMkviwCdR/S9krIXLtZkCoVf/1:Q/5y
- Score: 3/10

Target: Beskikningers/Misaimed.Vin
- Size: 20KB
- MD5: b326cb8d03a7af828a6347addcb5a9d1
- SHA1: 1f7f57aa5763b004d3198597eb80208aa0e93570
- SHA256: a9cd23eb35c039440bde74a206ac3613b52fd667aa1484125587e61c79912dfc
- SHA512: 57999de9a99336db3a7b9aff3c69295bda2514374187e0b0c0082f21b68101530b17a0d5a23157584303c505f82c3d441360b91649a39ec2a20ca6d890e8d126
- SSDEEP: 384:lUOZNanrJF8+6XhYz5zYHsP9R/wWb1ml2EM:JiT8+MadPEWJOc
- Score: 3/10

Target: Beskikningers/Randon17.vgr
- Size: 1.0MB
- MD5: 7978bf27082616faade55b22394bbddc
- SHA1: 3cb41f03b1cd775f7f6bc9b95944854dda87bf36
- SHA256: b88a13eb0eedb9be6e1f809d0b8a55979186db208858fedce5a59b28556b248b
- SHA512: 9a734b8285c96706c434aedf2abf6666e82ec257defab74213c50b18a5c7b23b3a48d76fe64e4cc6446cc460095cea3f37d8029fa28b9198f4a371ba1c23922b
- SSDEEP: 768:DfIbQMnX/cgMWndUtQ//KuGQ+4xRoQoezjVn20Ka17J6T0vbXHtPSeySgSJSejnK:VIbm
- Score: 3/10

Target: Beskikningers/keelhauls.scr
- Size: 1.0MB
- MD5: 87a3ce82a211e6022d7145c99eef5edc
- SHA1: d2aa5daef3272acdee40657353ebb0ba94728e8d
- SHA256: 66bf6c84307739696eb18d632b6a34755375e61f3c612dc273c7f8f25fcad938
- SHA512: 66f2bc1530f6d187749486c7305f069d67964ef5427a6a59f2dc081469f5d608c6e0d2c30edef70a6a79e6386be1528ae2b8725ba704e2d3cf8b2f303d8eb1cf
- SSDEEP: 768:N9lotXK6U6HA/zmsIxzvraRwfj+iMbmwrhg2hnwjYBm2GOP9bsWZafCJL6Ir7wxG:QRPMLzJ
- Score: 1/10

Target: Beskikningers/primaveksel.txt
- Size: 442B
- MD5: 87308607bbefdd32639f5bcad963b8c2
- SHA1: 14a3196b8301243120bd7f9248c5949d718b4dea
- SHA256: a71bd44ca8efda96ba1083d1d36fc2148592ca881cff674c71b7742a1866b012
- SHA512: 9019036c6976f9a8ba0f6d5fde538ffa69c537a320cf09758e2ceb9012f4c106e4d09b15248ca0a695dc7960ffbbf500ff21bd3a17ebd37fe3de13a0bbc8ea5e
- Score: 1/10

Target: Beskikningers/skohornet.ser
- Size: 1.1MB
- MD5: 11825dab7ecea24188448d6de7d605a5
- SHA1: 90cc6eec53823cdb2e1946583042699b42c84bff
- SHA256: e9f3ca77c307a76c115171b367b540d2615f30636a16ee986c852aef5eab6409
- SHA512: 6f0f808de0dadd0f8e94df72e1a85828f0bd8e14fb8f4300614901a17c260af55cfe33ec473fef34663e8b069bf19306eb32d38e39e60149bd85d83d14c23749
- SSDEEP: 768:zrTEDgAwUGxcEEBSF2XVHcg/62u6BEqlktC9le+FplzUtaPQVPKtoQFrqFrepOde:TM2gnM9
- Score: 3/10

Target: Beskikningers/temperatures.ref
- Size: 697KB
- MD5: 17df408e712c3359e4b58f95e4529f16
- SHA1: 75203c6b467a1174b41dfefe3795a9b87331808e
- SHA256: 35d50d71afa6b8169123458a8232cde1e3d96e3a0e6734045714192b0930d1aa
- SHA512: 7fa7600651ce103dd3f5143036e5ee6b5b3262555d331761bd426898990a6b314e25a018e4b16b395e86e0a023b24df3796744860e6478efbfa190ebadbc4253
- SSDEEP: 768:eLtWEAnNzz6fiBH4r4D2EBct2GaDNHpDe9SM1hon+wFniYgoZhgBy9:Q
- Score: 3/10

Target: Besttelsestropper.Hov
- Size: 272KB
- MD5: f8863d882553a6efb3cb6111e7b13e3b
- SHA1: c1079473474483560740fd299e53e9d4f7394b2e
- SHA256: 7e7cd7ae34b03ce558793e91faeba688e1d6bfd8753faff3d60f0bfdcafb4e75
- SHA512: 8d4951d30e3774e638cb93d24ad40b0fb738f08939cf30f1d60626277c90f5318f9fa2c5b322be12dbfbb8e7cb869d03d01138a112ebb1c041d3e533a10e1b32
- SSDEEP: 6144:EBIUbXTygOPJfDSn/ixkc0Ll9yCnYV8bws3fy4B:XkXOZxbakkc0Ll9QsY4B
- Score: 3/10