General
Target: 54aa062cdf2608851a04e43b2e24d0449633f5c2f25d202f0a321d58a2a75b8c
Size: 1.3MB
Sample: 221125-kqgdmsed99
MD5: 6c47d7f12ec4b17a554eeaebfa9e57dd
SHA1: 370b78b3d7c65ddd2c74d1537a2cc7fbe753f5ab
SHA256: 54aa062cdf2608851a04e43b2e24d0449633f5c2f25d202f0a321d58a2a75b8c
SHA512: 508532656b1001aae03ac4831c450f9be903aed140f1327b34046b6155543da24483e37ee26edebbaced1b8624936584df8774148705ab3e8c9eae52acc23e34
SSDEEP: 24576:/AHnh+eWsN3skA4RV1Hom2KXMmHa2DAoNUGN1RDKqlcrMcVSZPpK+c5:ih+ZkldoPK8Ya2DAMUGlmjMUYPpKt
Static task: static1
Behavioral task: behavioral1
Sample: 54aa062cdf2608851a04e43b2e24d0449633f5c2f25d202f0a321d58a2a75b8c.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 54aa062cdf2608851a04e43b2e24d0449633f5c2f25d202f0a321d58a2a75b8c.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: 54aa062cdf2608851a04e43b2e24d0449633f5c2f25d202f0a321d58a2a75b8c
Size: 1.3MB
MD5: 6c47d7f12ec4b17a554eeaebfa9e57dd
SHA1: 370b78b3d7c65ddd2c74d1537a2cc7fbe753f5ab
SHA256: 54aa062cdf2608851a04e43b2e24d0449633f5c2f25d202f0a321d58a2a75b8c
SHA512: 508532656b1001aae03ac4831c450f9be903aed140f1327b34046b6155543da24483e37ee26edebbaced1b8624936584df8774148705ab3e8c9eae52acc23e34
SSDEEP: 24576:/AHnh+eWsN3skA4RV1Hom2KXMmHa2DAoNUGN1RDKqlcrMcVSZPpK+c5:ih+ZkldoPK8Ya2DAMUGlmjMUYPpKt
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext