General
Target
057aab2a096d3eb60389b2a679c5e328da91507d6bf3cf018152f36829bffe54
Size
347KB
Sample
230402-jycvrafd23
MD5
796099660c004943c505c3bfaa6da30f
SHA1
1510aee13f7eff42a9af258221f4f39bb11ef9b6
SHA256
057aab2a096d3eb60389b2a679c5e328da91507d6bf3cf018152f36829bffe54
SHA512
aa29fae0a676f0c8bedc2e9b2db00aec936b5eaf35fe6ba2388842d93e824ecd067bb64efc2c39ba54155d08f7f5618c3a7b755b0c96997b10e92e1d5584191f
SSDEEP
6144:gYa69/gr8YUy4Mi7nX5jEC0dBAOnrhMKlmi9WEKbinK0I0AFkWV/ql:gYn08YUy4Mi710nZnrKKMiH6iK0xbF
Static task
static1
Behavioral task
behavioral1
Sample
057aab2a096d3eb60389b2a679c5e328da91507d6bf3cf018152f36829bffe54.exe
Resource
win10-20230220-en
Malware Config
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Executes dropped EXE
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext