General
Target
8bfd7886121330aca3002b5b1e768740.exe
Size
405KB
Sample
231202-eaf52shf7z
MD5
8bfd7886121330aca3002b5b1e768740
SHA1
1dae238a6f5c6fb2074f8f7e9dccdaa625ccc71e
SHA256
03b950d316f2e66e637a9cfdd2f769d5a53296b0459df9cb6ed0fc0d25282958
SHA512
48354e5f6af35bce559d1476752cea9ebc4637e7792f8531b452b076c9949dca2892948c85e5b42ceebdc45cc3c21d03ce039c22983451c7c38b939a08528ee1
SSDEEP
6144:P8LxBsXwwT1Y0cFlY/gryMLsow0D4XWGUugY2zh6haFpT5JQajkcnu0tbhQKYh:xXlT1Ys4uMLsL0DXGhIz+YO4HtyKG
Static task
static1
Behavioral task
behavioral1
Sample
8bfd7886121330aca3002b5b1e768740.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
8bfd7886121330aca3002b5b1e768740.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
Target
8bfd7886121330aca3002b5b1e768740.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext