General
- Target: 5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64
- Size: 519KB
- Sample: 220802-ecckmsaggp
- MD5: 0e8bd35ef43d424f440a3164b6be511f
- SHA1: d080400cbcbd9e4e10041ef7bdf383268707ce83
- SHA256: 5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64
- SHA512: 72eb8de3ca9347ea5525417c94f9af4cbd6f9d77706fd894bed2e7013c5efd3aa67a1143f3e1031c1319a701d7fa74d81cae2906ca037082061ef580da1ecc0f
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64.exe
  Resource: win7-20220718-en
- Behavioral task: behavioral2
  Sample: 5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64.exe
  Resource: win10v2004-20220721-en
Malware Config
Targets
- Target: 5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64
  Size: 519KB
  MD5: 0e8bd35ef43d424f440a3164b6be511f
  SHA1: d080400cbcbd9e4e10041ef7bdf383268707ce83
  SHA256: 5a5d5b0c3917a59751c4c8404f9711b07395f058a29187fc3a37c2db94a0cc64
  SHA512: 72eb8de3ca9347ea5525417c94f9af4cbd6f9d77706fd894bed2e7013c5efd3aa67a1143f3e1031c1319a701d7fa74d81cae2906ca037082061ef580da1ecc0f
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext