General
- Target: 49a25c30b01ab897e8ef61569858731e4651acaa2f7828c4a76edb3c6a334417
- Size: 1.1MB
- Sample: 220712-tkesashcfq
- MD5: aae7910fddf1137282ad78b7972469fa
- SHA1: 7bb3efaa25396f810729af4d9f2b05e45296a0da
- SHA256: 49a25c30b01ab897e8ef61569858731e4651acaa2f7828c4a76edb3c6a334417
- SHA512: dad4b6e722848d7420722b783876f46673129af135eab52664efd48fb37788f3b89eb9cf672ab25c9292557eb38ded93d7d33fa841e6f2deccd57002a0236816
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 49a25c30b01ab897e8ef61569858731e4651acaa2f7828c4a76edb3c6a334417.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: 49a25c30b01ab897e8ef61569858731e4651acaa2f7828c4a76edb3c6a334417.exe
  - Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 49a25c30b01ab897e8ef61569858731e4651acaa2f7828c4a76edb3c6a334417
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext