General
-
Target
1c1a28fdaac92ef8a7f6032dd94cdc56a690fc78c99910a5b78709435ea992f3
-
Size
1.3MB
-
Sample
230926-rcdh6ahh5t
-
MD5
5d86018377d9cf83e6e2c08fd9fd60d3
-
SHA1
3ae1897f221aa5893f8aff0bfd79666f8ba2236f
-
SHA256
1c1a28fdaac92ef8a7f6032dd94cdc56a690fc78c99910a5b78709435ea992f3
-
SHA512
d2ea45f5f6aa1561468ff5657d6b9cfc1fe3168621dde2706423cf26c12a8c5a0fa920275bc2a7294d341e39da71493975b0c4632701d4629966b1a058b52fb7
-
SSDEEP
24576:YkzJBUqX3qbkN6s2P2VElQJyNmXy76p7ZUgSb2H8KZ/L2zZnJf+MCFL3:YkNBH16sVOy0NmXIgSudT2teL
Malware Config
Targets
-
-
Target
1c1a28fdaac92ef8a7f6032dd94cdc56a690fc78c99910a5b78709435ea992f3
-
Size
1.3MB
-
MD5
5d86018377d9cf83e6e2c08fd9fd60d3
-
SHA1
3ae1897f221aa5893f8aff0bfd79666f8ba2236f
-
SHA256
1c1a28fdaac92ef8a7f6032dd94cdc56a690fc78c99910a5b78709435ea992f3
-
SHA512
d2ea45f5f6aa1561468ff5657d6b9cfc1fe3168621dde2706423cf26c12a8c5a0fa920275bc2a7294d341e39da71493975b0c4632701d4629966b1a058b52fb7
-
SSDEEP
24576:YkzJBUqX3qbkN6s2P2VElQJyNmXy76p7ZUgSb2H8KZ/L2zZnJf+MCFL3:YkNBH16sVOy0NmXIgSudT2teL
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-