General
- Target: 326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb
- Size: 532KB
- Sample: 231203-bdyygsgf69
- MD5: 2c334fd4c8aca0cb889f3fb764b55c5b
- SHA1: 205d9c7f0da4488123ba70432454ee77f58a7a88
- SHA256: 326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb
- SHA512: c58528f5dd0c33477c69719803757054edb70844ce68c0c4df184ce63d8fb5b6ee807a087f0592ad6c1b7c1b221c5144ce9dcc38c0cedac6a65c99dedfe590f3
- SSDEEP: 12288:vcxPgUrbekrZzSuYf63NjHTC9mXyGRqiMgQ/qf:095tz463x2mXynilQyf
Static task: static1
Behavioral task: behavioral1
- Sample: 326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb.exe
- Resource: win7-20231201-en
Behavioral task: behavioral2
- Sample: 326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb.exe
- Resource: win10v2004-20231130-en
Malware Config
Targets
- Target: 326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb
- Size: 532KB
- MD5: 2c334fd4c8aca0cb889f3fb764b55c5b
- SHA1: 205d9c7f0da4488123ba70432454ee77f58a7a88
- SHA256: 326ca233e9e93b07a4ce7232bf7191a95cfa11e2d69c1b1a79fc69f1980722fb
- SHA512: c58528f5dd0c33477c69719803757054edb70844ce68c0c4df184ce63d8fb5b6ee807a087f0592ad6c1b7c1b221c5144ce9dcc38c0cedac6a65c99dedfe590f3
- SSDEEP: 12288:vcxPgUrbekrZzSuYf63NjHTC9mXyGRqiMgQ/qf:095tz463x2mXynilQyf
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext