General
-
Target
35578304585f5d4ab8a08c8c4132a357a1630b4f47123a971c0950945a8069e1
-
Size
680KB
-
Sample
220619-wjbqcsffbr
-
MD5
ca7556eeba02e7eb040af1e988220117
-
SHA1
a58732339569e567f8bdc4bfa27d442b9fb98089
-
SHA256
35578304585f5d4ab8a08c8c4132a357a1630b4f47123a971c0950945a8069e1
-
SHA512
64f11cc735e71ec2b124250f41e13649bd0b0cc60aa265f7d63887c8fe8a5e89b0c2d2b6502fac992a1d9ad599ed4f72a2157f645cd912cd80154deb68ceb4f9
Static task
static1
Behavioral task
behavioral1
Sample
grace.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
grace.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
grace.exe
-
Size
750KB
-
MD5
dd45870570b5eeabe6ecec62a093fced
-
SHA1
c6364fe561cd82f0ac20d6beb23655b188c7d2f4
-
SHA256
8cdc238ef7df045b66f34ff099f05f4bbf42a6d262b0f3cf6a224a2ea95f4505
-
SHA512
3ede737c03ee4f2d67e30390726ad6359842a6aa59e6e8d9c56d89fd0bb45e865162fcbcfc41a78c2da56325d8fa88156c32ddc1f592eac78b3ee7199db43dbc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-