General
-
Target
d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d
-
Size
1.3MB
-
Sample
220520-h9hdyafhf7
-
MD5
f8d29431dde6dd65e034b99c29ce9c64
-
SHA1
0c23620a0070f37794b895c35d7afe1de83bc36f
-
SHA256
d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d
-
SHA512
844d18e3694ba0ef27c80bfc7a5638cf221559a4fa7e32383e84e9e0b095bdb342cc751ef8e2f39f6b95d438707bbb083434f753d00dbb2fafb5bd666ab6caae
Static task
static1
Behavioral task
behavioral1
Sample
d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d
-
Size
1.3MB
-
MD5
f8d29431dde6dd65e034b99c29ce9c64
-
SHA1
0c23620a0070f37794b895c35d7afe1de83bc36f
-
SHA256
d32c5920ed9458d43b110e3ed34a54d617e173c76f5841003570a8c9ac95f75d
-
SHA512
844d18e3694ba0ef27c80bfc7a5638cf221559a4fa7e32383e84e9e0b095bdb342cc751ef8e2f39f6b95d438707bbb083434f753d00dbb2fafb5bd666ab6caae
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-