General
Target: MACHINE SPECIFICATIONS.exe
Size: 511KB
Sample: 221129-mdd4vsdb2t
MD5: 92945d0a2731ef771ea9d10c792e03e1
SHA1: 1eeef600b7b51ce7aa93e825be55b40f3ef8e319
SHA256: 46b61250c34b38d26ac5897217e6b70a222ff16318161c4e67c74c74491cc612
SHA512: 33ff6835de8b3a4a0002669deb68acf14a770e7546c2250eb6cdcde2ad4841891f504faa77427e864d1b7758481864189039beb8ec9d926f5804bd7da30a5fb2
SSDEEP: 12288:BxNQOgJk4hl4vPE1suvqvku873X9BsILNILZoRPzre:BxNi6MlzX9BsILNILZoFre
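Before working from this report, confirm that the file on disk is the same sample by recomputing every listed digest in one pass and comparing against the values above. The following is an added example, not code from the sandbox; the expected digests are copied from the General section, and the bytes used for the self-check are constructed, not the sample itself.

```python
"""Confirm that a local file is the sample described in this report.

Added example. REPORT_HASHES is copied from the report's General section;
the bytes used in the __main__ self-check are constructed, not the sample.
"""
import hashlib
from typing import Dict, Iterable

# Digests from the report's General section (hex, lowercase).
REPORT_HASHES: Dict[str, str] = {
    "md5": "92945d0a2731ef771ea9d10c792e03e1",
    "sha1": "1eeef600b7b51ce7aa93e825be55b40f3ef8e319",
    "sha256": "46b61250c34b38d26ac5897217e6b70a222ff16318161c4e67c74c74491cc612",
    "sha512": "33ff6835de8b3a4a0002669deb68acf14a770e7546c2250eb6cdcde2ad4841891f504faa"
              "77427e864d1b7758481864189039beb8ec9d926f5804bd7da30a5fb2",
}


def compute_hashes(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Read the input once and feed every algorithm from the same pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(chunks: Iterable[bytes], expected: Dict[str, str]) -> Dict:
    """Compare computed digests with the expected ones; any single mismatch fails."""
    actual = compute_hashes(chunks)
    mismatched = sorted(
        name for name, value in expected.items()
        if actual.get(name, "").lower() != value.lower()
    )
    return {"matches": not mismatched, "mismatched": mismatched, "actual": actual}


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES,
                chunk_size: int = 1 << 20) -> Dict:
    """Stream a file from disk so large samples are not loaded into memory."""
    with open(path, "rb") as f:
        return verify_sample(iter(lambda: f.read(chunk_size), b""), expected)


if __name__ == "__main__":
    # Constructed input: expected to mismatch the report on every algorithm.
    result = verify_sample([b"constructed bytes, not the sample"], REPORT_HASHES)
    print("matches report:", result["matches"], "mismatched:", result["mismatched"])
```

Run `verify_file("MACHINE SPECIFICATIONS.exe")` against the downloaded sample; a mismatch on any one algorithm means it is not the file this report describes. The SSDEEP value is not covered here because fuzzy hashing is not in the Python standard library and needs an external ssdeep binding.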
Static task: static1
Behavioral task: behavioral1 (sample MACHINE SPECIFICATIONS.exe, resource win7-20220812-en)
Behavioral task: behavioral2 (sample MACHINE SPECIFICATIONS.exe, resource win10v2004-20220812-en)
Malware Config
Targets
Target: MACHINE SPECIFICATIONS.exe (511KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
AgentTesla
Agent Tesla is a .NET-based remote access trojan (RAT) and information stealer, originally written in Visual Basic .NET.
Behavioural signatures matched:
- Accesses Microsoft Outlook profiles: reads the registry keys under which Outlook stores account profiles, the usual source of saved mail credentials for a stealer.
- Adds Run key to start application: writes a value under a CurrentVersion\Run key so the binary is relaunched at every logon (persistence).
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The request itself is benign traffic, so on its own it is a weak indicator; it matters here in combination with the other signatures.
- Suspicious use of SetThreadContext: SetThreadContext is the call that redirects a (typically suspended) thread to injected code in process hollowing and related injection techniques; legitimate software rarely needs it outside debuggers.
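To turn the four signatures above into something that can be checked against a behavioural trace, the following added example maps sandbox-style events to the signature names used in this report. It is not the sandbox's own rule set: the event records and their field names (kind, pid, target, api, target_pid) are constructed for illustration, and the list of IP-lookup hosts is an assumption about commonly abused services, not an indicator taken from this sample.

```python
"""Map sandbox-style behavioural events to the signatures listed in this report.

Added example, not the sandbox's own rules. The event records and their field
names (kind, pid, target, api, target_pid) are constructed for illustration;
IP_LOOKUP_HOSTS is an assumed list of commonly abused lookup services.
"""
import re
from typing import Dict, Iterable, List, Optional, Set

# Any value written under a CurrentVersion\Run or RunOnce key is relaunched at logon.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Registry locations where Outlook keeps account profiles: the Office 2016+ path
# and the older Windows Messaging Subsystem path.
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles",
    re.IGNORECASE,
)

# Legitimate external-IP services frequently contacted by stealers (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}


def classify_event(ev: Dict) -> Optional[str]:
    """Return the report signature an event matches, or None if it is unremarkable."""
    kind = ev.get("kind")
    target = ev.get("target", "")
    if kind == "registry_set" and RUN_KEY_RE.search(target):
        return "Adds Run key to start application"
    if kind in ("registry_open", "registry_query") and OUTLOOK_PROFILE_RE.search(target):
        return "Accesses Microsoft Outlook profiles"
    if kind in ("dns", "http") and target.lower() in IP_LOOKUP_HOSTS:
        return "Looks up external IP address via web service"
    # SetThreadContext on a thread in *another* process is the hollowing/injection
    # tell; a process adjusting its own threads is ordinary (debuggers, exception handling).
    if (kind == "api" and ev.get("api") == "SetThreadContext"
            and ev.get("target_pid") != ev.get("pid")):
        return "Suspicious use of SetThreadContext"
    return None


def classify_events(events: Iterable[Dict]) -> Set[str]:
    """Collect the distinct signatures fired by a whole trace."""
    return {sig for sig in (classify_event(e) for e in events) if sig}


# Constructed trace resembling what a sandbox would log for this kind of sample.
SAMPLE_EVENTS: List[Dict] = [
    {"kind": "registry_set", "pid": 1001,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\example-autostart",
     "data": r"C:\Users\user\AppData\Roaming\example.exe"},
    {"kind": "registry_open", "pid": 1001,
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"kind": "dns", "pid": 1001, "target": "api.ipify.org"},
    {"kind": "api", "pid": 1001, "api": "SetThreadContext", "target_pid": 1002},
    # Benign noise that must not fire: ordinary registry write, normal DNS, own-thread context.
    {"kind": "registry_set", "pid": 1001, "target": r"HKCU\Software\Example\LastRun"},
    {"kind": "dns", "pid": 1001, "target": "www.microsoft.com"},
    {"kind": "api", "pid": 1001, "api": "SetThreadContext", "target_pid": 1001},
]

if __name__ == "__main__":
    for sig in sorted(classify_events(SAMPLE_EVENTS)):
        print(sig)
```

The cross-process check on SetThreadContext is what keeps the rule from firing on every debugger or runtime that adjusts its own threads; likewise the IP-lookup rule is deliberately narrow, since that traffic is benign on its own and only gains weight alongside the persistence and credential-access hits.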