General
Target: 166a9cb21db5300bc9f937431f72e2d3.exe
Size: 652KB
Sample: 221125-aql9sach3v
MD5: 166a9cb21db5300bc9f937431f72e2d3
SHA1: eb44e824a25681f5fddde7f71b4fd0cccc8947f7
SHA256: a7688edb40ec7fb6cce0ff2d8859626b8cabc668578c1c69795e68eed32c94ff
SHA512: 6be3b84feb4ba115b1cd1bbfaedb4da8159244bf0eba7e7d5aa874b63f799f4cc56d24e18233b032032232b69e198995e7012695d09caebde55c3c5882547cd0
SSDEEP: 12288:gKCj1LjaORdU/HaBrgal0FGzVgdxHw+C/nSDxtekEPclXvwrf8FcsQ0je9s67:gdPaMuHaWFFxHkPyek9fwT8i269sm
Static task: static1
Behavioral task: behavioral1
  Sample: 166a9cb21db5300bc9f937431f72e2d3.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 166a9cb21db5300bc9f937431f72e2d3.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 166a9cb21db5300bc9f937431f72e2d3.exe
Size: 652KB
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext