General

Target: 5BBE6CBE663FF413C9C7A46720CB1EFD61B07720D0B828D368918E9CEF336B30
Size: 613KB
Sample: 230718-zjxvdadg74
MD5: 78df23e5fbb27d54348bc923408e6083
SHA1: 1853562c204377c0cd4b61d6838bd2a7ffcc1c30
SHA256: 5bbe6cbe663ff413c9c7a46720cb1efd61b07720d0b828d368918e9cef336b30
SHA512: b787e36fc3d22a50efad85ec11e2e806b3af98f68d25a832ce7b9fff1e281a35a76f9271777b3be7bb90f70cbdbad23da441ad5a0517caae573db964e1cb4a5c
SSDEEP: 12288:vCUm4qZoK6U2JgTi8S3y5FeaUB5ZmW5Qj8S3hPUgyIW+a3XK:vDm4mGU2ln/F0n9UgNxaHK
Static task: static1

Behavioral task: behavioral1
  Sample: 5BBE6CBE663FF413C9C7A46720CB1EFD61B07720D0B828D368918E9CEF336B30.jar
  Resource: win7-20230712-en

Behavioral task: behavioral2
  Sample: 5BBE6CBE663FF413C9C7A46720CB1EFD61B07720D0B828D368918E9CEF336B30.jar
  Resource: win10v2004-20230703-en
Malware Config

Targets

Target: 5BBE6CBE663FF413C9C7A46720CB1EFD61B07720D0B828D368918E9CEF336B30
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Snake Keylogger payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext