General
Target: bdbb9fb8e618541ba63bd0302971f9299036c27e2c94179f9d8f62f326037faa
Size: 444KB
Sample: 220701-gme5magea7
MD5: 1afedfd0ef55b950eb0de6bc7a640965
SHA1: fdf2346337fe8484521c279e96cdf2e9891113d5
SHA256: bdbb9fb8e618541ba63bd0302971f9299036c27e2c94179f9d8f62f326037faa
SHA512: f493d930b4aa560326a2afa1b7712c17d64bd0a1b6d8d559036f4a8608faa6dd4e6b0dd270ccb937ee306262fa546196baca884c628e79bfe3863b7c123e352c
Static task: static1
Behavioral task: behavioral1
  Sample: bdbb9fb8e618541ba63bd0302971f9299036c27e2c94179f9d8f62f326037faa.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: bdbb9fb8e618541ba63bd0302971f9299036c27e2c94179f9d8f62f326037faa.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: bdbb9fb8e618541ba63bd0302971f9299036c27e2c94179f9d8f62f326037faa
Size: 444KB
MD5: 1afedfd0ef55b950eb0de6bc7a640965
SHA1: fdf2346337fe8484521c279e96cdf2e9891113d5
SHA256: bdbb9fb8e618541ba63bd0302971f9299036c27e2c94179f9d8f62f326037faa
SHA512: f493d930b4aa560326a2afa1b7712c17d64bd0a1b6d8d559036f4a8608faa6dd4e6b0dd270ccb937ee306262fa546196baca884c628e79bfe3863b7c123e352c
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext