General
Target: d448c2e97475955647f73b9d2ea3dd49.bin
Size: 798KB
Sample: 230331-chkr4ahf5z
MD5: fe901ea2d3bcd39fff5515641f490c34
SHA1: 50ad4fd660c91e2c1f7f628d2e6569eff784560e
SHA256: 8c8e2a028db921eab128c93d0b338262bd88a57669daca9afea5cd743635ff09
SHA512: 53d4e4439dd0b6b2b5f5e1b3cd73f5ef93683ca9336f3742d2edddbc6289d6ac77aeeab9a75149e0ed5de75915176ecd4f439d50d8d23cd92b8706d7a6cecdd5
SSDEEP: 24576:F357/rPUBK2ZR4u6MTidppoFsBFAvoHr4w8T/OcYx:F3tDPUBWRdG6BivoL4F71Yx
Static task: static1

Behavioral task: behavioral1
  Sample: a545a179685fdf20aeb2f2a9cd6d6e7e82deb4303acb9d4b77af64ff8a9bf4cf.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: a545a179685fdf20aeb2f2a9cd6d6e7e82deb4303acb9d4b77af64ff8a9bf4cf.exe
  Resource: win10v2004-20230220-en
Malware Config

Targets
Target: a545a179685fdf20aeb2f2a9cd6d6e7e82deb4303acb9d4b77af64ff8a9bf4cf.exe
Size: 1.1MB
MD5: d448c2e97475955647f73b9d2ea3dd49
SHA1: 34187b126dbc748deeebc5adb99f376784ce92b9
SHA256: a545a179685fdf20aeb2f2a9cd6d6e7e82deb4303acb9d4b77af64ff8a9bf4cf
SHA512: 36773c5d54baead5ea8d6ed5ca6c815c04f3c73456bef3624718eb746433d548b69aebd4084ee7681006d5a17ac2df76e2781f110ed480d1a095b13c28239813
SSDEEP: 24576:v12zVZ97Ro3tNpLYonNQPYbvKuzidu6SMS7/7:vAR37Ro3V0Gxbv7idYZ
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext