General
-
Target
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505
-
Size
750KB
-
Sample
220619-wjahasffbq
-
MD5
dd45870570b5eeabe6ecec62a093fced
-
SHA1
c6364fe561cd82f0ac20d6beb23655b188c7d2f4
-
SHA256
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505
-
SHA512
3ede737c03ee4f2d67e30390726ad6359842a6aa59e6e8d9c56d89fd0bb45e865162fcbcfc41a78c2da56325d8fa88156c32ddc1f592eac78b3ee7199db43dbc
Static task
static1
Behavioral task
behavioral1
Sample
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505
-
Size
750KB
-
MD5
dd45870570b5eeabe6ecec62a093fced
-
SHA1
c6364fe561cd82f0ac20d6beb23655b188c7d2f4
-
SHA256
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505
-
SHA512
3ede737c03ee4f2d67e30390726ad6359842a6aa59e6e8d9c56d89fd0bb45e865162fcbcfc41a78c2da56325d8fa88156c32ddc1f592eac78b3ee7199db43dbc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-