General
- Target: 02d64b9cbd5268cec49399d35962acaac4e4548b96b0775b315811bc0c23c7e8.exe
- Size: 541KB
- Sample: 230328-hbj5wahd55
- MD5: 841df4aadcf2ba0ef0a1bfe3a421c7bc
- SHA1: 5b3d870d348f52908b8871f16ad8f6edfbac08c3
- SHA256: 02d64b9cbd5268cec49399d35962acaac4e4548b96b0775b315811bc0c23c7e8
- SHA512: 41ac5cc1ec3599f8d2921b7e2a48636b66c661631bc5c920aff3c5e0dc7915ca79d29814d3c293e84c522417f2dd0d4171c3cf4b1b8ef537a8a6d6b07b65f531
- SSDEEP: 6144:WYa6Bv7p3QTwn5M11k+zsndP21nktxtlfzw/5kb1wmO4zhOVJeUsK73b1KYr0hgP:WYfzFQTwM16+sdenmS5kbiiUsKLb13F
Static task: static1

Behavioral task: behavioral1
- Sample: 02d64b9cbd5268cec49399d35962acaac4e4548b96b0775b315811bc0c23c7e8.exe
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: 02d64b9cbd5268cec49399d35962acaac4e4548b96b0775b315811bc0c23c7e8.exe
- Resource: win10v2004-20230220-en
Malware Config
Targets
- Target: 02d64b9cbd5268cec49399d35962acaac4e4548b96b0775b315811bc0c23c7e8.exe
- Size: 541KB
- MD5: 841df4aadcf2ba0ef0a1bfe3a421c7bc
- SHA1: 5b3d870d348f52908b8871f16ad8f6edfbac08c3
- SHA256: 02d64b9cbd5268cec49399d35962acaac4e4548b96b0775b315811bc0c23c7e8
- SHA512: 41ac5cc1ec3599f8d2921b7e2a48636b66c661631bc5c920aff3c5e0dc7915ca79d29814d3c293e84c522417f2dd0d4171c3cf4b1b8ef537a8a6d6b07b65f531
- SSDEEP: 6144:WYa6Bv7p3QTwn5M11k+zsndP21nktxtlfzw/5kb1wmO4zhOVJeUsK73b1KYr0hgP:WYfzFQTwM16+sdenmS5kbiiUsKLb13F
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext