General
Target: Purchase Inquiry.tgz
Size: 865KB
Sample: 230825-h4654shg38
MD5: c84d97dd4c5a9df42b83ab722cabcb0a
SHA1: 0e7c672b0168890f42af872fbacc78a245710cb3
SHA256: 7544c87a07b8e9b7f1672384df5c50159e48827cba8b6cc6571e4fa86c0a096a
SHA512: f05d08ceb6c42f267aa200d3e3fa5a0afcedeef995a110f15906221416106bcef9a0e790189220371233a052bee5b7360efd028f49bf67df1a90949c5c864ae9
SSDEEP: 6144:PIJ5fXWdxdEJ3l3qGVWK4qiGR2QsUK/ZRQuSR:Pglsxdi3la+lR2QW/Xw
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Inquiry.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: Purchase Inquiry.exe
Resource: win10v2004-20230703-en
Malware Config
Targets
Target: Purchase Inquiry.exe
Size: 667.6MB
MD5: 8853f09ec3bb03b32d81c8e37fa400d6
SHA1: 375ffecdcb22dbfd0554344a5c3013261a8c3d8e
SHA256: e755f7a4a7e61769fd5294e8366ca844f6b51d7dea8ef2ff8f55af3551fb57c8
SHA512: 21a4c65a99da7528456c1aa4b05e46d7149e8a096fc7a2539ba294794623e9e0ed213a886ecef3479ce8ff7b4a5179b535b1f179abcce50ad7e323d61ed234e9
SSDEEP: 12288:1Hu//CrclLoqvhYydSpDe7sWvU+RMuN6ObzeTo63:1Hu//iclLo6hPdx7sHG/Mcz/u
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext