General
- Target: REVISED PI.zip
- Size: 641KB
- Sample: 221128-nvleyafc71
- MD5: df9cf1835d2ba2476daf8ec43ca2c2dd
- SHA1: 77f6e6cb543f444dc3ba6f0c9e90032165a0653f
- SHA256: e0aba5ebc59f8ac0f8b7be112da2ee481e30c4da9f213552f76ff7c5056c1ef3
- SHA512: 2cd429022b7ea622e1449bbf3b3f711bcbb9aefc0f287e5fe5879800978776573ad6b4bc07efddf386359ec04d89e6e0f8cbd45c33e965072ab68183ed9b83a4
- SSDEEP: 12288:JVhFkAYsq8W61yOUGpK265AVm9RSBT3iDAnZtzIrUNYaJJ:JVhFqsq5SHHP2R6TpnZKUqaJJ
Static task
- static1

Behavioral task
- behavioral1
- Sample: 2211.exe
- Resource: win7-20220901-en

Behavioral task
- behavioral2
- Sample: 2211.exe
- Resource: win10v2004-20221111-en
Malware Config

Targets
- Target: 2211.exe
- Size: 653KB
- MD5: aeb1becc0f251e643e27c95d2fa1d91b
- SHA1: f14bbc296f1da0a6e11993286871f2e9bacff72c
- SHA256: 8cdd2376c22a3f37faafe3a39f3730b7c03c9e641b729607ca2b083abbc3f05e
- SHA512: 0f2f2d370b257796b73f227adb055bfdd57621f34198cfabf66eef1dee43c5904263f32a7ce699ef716709dd3119b46639726e571e495533f15a2e8c403c9dec
- SSDEEP: 12288:ggF5Mgmsq8We1+CGGpKw65AHm9RCBT3g5AnttzyrMNkaM8:ggF5asqb+BFV2RKT/ntMMKaM8

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext