General
-
Target
1c71c9a1f55df1eaa11402798696fa7176155fabad5f69f8778d340a911d2651
-
Size
2.2MB
-
Sample
231203-cv2alshb7w
-
MD5
07a27ce678e07245f97aea3ef3310005
-
SHA1
475db932ef060ac59584b1130521ed0990c5a631
-
SHA256
1c71c9a1f55df1eaa11402798696fa7176155fabad5f69f8778d340a911d2651
-
SHA512
3aa52830da5696f170c50d6359ebd222858ef1579e3aae4f78fd8c7705f8a351dad09918261a230e834894502a1bf2339d616d4546bc0f35571bdb82523aa60e
-
SSDEEP
49152:knsHyjtk2MYC5GDsHMxAJ4GIMqyBqYKhSVffgs54ouLwc:knsmtk2akxAJ4oqYLKhSlj2ouLwc
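Before acting on any of the behaviour below, confirm that the file in hand is the one this report describes. The following Python script is an added example written for this page (not part of the report and not the sample's code): it computes all four digests in a single pass over the file and compares them to the values listed above. The digest constants are copied from the report; the function names and the chunk size are the example's own choices.

```python
"""Confirm a local file is the sample this report describes.

Added example for this page; the expected digests are copied from the report
above, everything else is example code. All four digests are computed in one
pass so a large sample is read from disk only once.
"""
import hashlib
from pathlib import Path
from typing import Dict, List, Tuple

# Digests published in the report (General / Targets sections).
REPORTED: Dict[str, str] = {
    "md5": "07a27ce678e07245f97aea3ef3310005",
    "sha1": "475db932ef060ac59584b1130521ed0990c5a631",
    "sha256": "1c71c9a1f55df1eaa11402798696fa7176155fabad5f69f8778d340a911d2651",
    "sha512": "3aa52830da5696f170c50d6359ebd222858ef1579e3aae4f78fd8c7705f8a351"
              "dad09918261a230e834894502a1bf2339d616d4546bc0f35571bdb82523aa60e",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory buffer (handy for tests and small files)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hex digests of a file, feeding every hasher from the same 1 MiB reads."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(actual: Dict[str, str],
                 reported: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Return (all_match, mismatched_algorithms).

    Only algorithms present in `reported` are checked, so a record that lists
    just a SHA-256 still works. Hex casing differs between feeds, so compare
    case-insensitively.
    """
    mismatched = [
        name for name, expected in reported.items()
        if name in actual and actual[name].lower() != expected.lower()
    ]
    return (not mismatched, mismatched)


if __name__ == "__main__":
    import sys
    ok, bad = match_report(digest_file(Path(sys.argv[1])), REPORTED)
    print("MATCH" if ok else "MISMATCH on: " + ", ".join(bad))
    sys.exit(0 if ok else 1)
```

Run it as `python verify_sample.py <file>`; a non-zero exit means the file is not this sample. MD5 and SHA-1 are kept only because many feeds still publish them for correlation; judge a match on SHA-256 or SHA-512, since both older algorithms have practical collision attacks.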
Static task
static1
Behavioral task
behavioral1
Sample
1c71c9a1f55df1eaa11402798696fa7176155fabad5f69f8778d340a911d2651.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
1c71c9a1f55df1eaa11402798696fa7176155fabad5f69f8778d340a911d2651.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
Target
1c71c9a1f55df1eaa11402798696fa7176155fabad5f69f8778d340a911d2651
-
Size
2.2MB
-
MD5
07a27ce678e07245f97aea3ef3310005
-
SHA1
475db932ef060ac59584b1130521ed0990c5a631
-
SHA256
1c71c9a1f55df1eaa11402798696fa7176155fabad5f69f8778d340a911d2651
-
SHA512
3aa52830da5696f170c50d6359ebd222858ef1579e3aae4f78fd8c7705f8a351dad09918261a230e834894502a1bf2339d616d4546bc0f35571bdb82523aa60e
-
SSDEEP
49152:knsHyjtk2MYC5GDsHMxAJ4GIMqyBqYKhSVffgs54ouLwc:knsmtk2akxAJ4oqYLKhSlj2ouLwc
-
AgentTesla
Agent Tesla is a .NET-based remote access trojan (RAT) and information stealer, typically compiled from Visual Basic .NET or C#; it harvests credentials from browsers, email and FTP clients, logs keystrokes, and exfiltrates the data over SMTP, FTP, HTTP or Telegram.
-
Checks computer location settings
Reads the country or region code configured in the registry, most likely as a geofence check so the payload does not run in certain locales.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another (typically suspended) process redirects its execution to injected code; it is a hallmark of process hollowing and related injection techniques.
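Three of the signatures above leave traces in standard endpoint telemetry. The following Python script is an added example for this page (not the sandbox's own rules and not the sample's code) that expresses "Adds Run key to start application", "Looks up external IP address via web service" and "Executes dropped EXE" as detection logic over Sysmon-style events. The event records, process GUIDs, file names and the list of IP-lookup domains are constructed for illustration; the report does not say which lookup service this sample used. Registry reads (the location check, Outlook profile access) and SetThreadContext are not in Sysmon's default telemetry and would need API-level tracing, so they are not covered here.

```python
"""Sysmon-style detection logic for three of the report's signatures.

Added example for this page, not the sandbox's rules or the sample's code.
Events are dicts carrying Sysmon field names and are assumed to arrive in
chronological order. Every record below is constructed for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Sysmon event IDs used here.
PROCESS_CREATE, FILE_CREATE, REG_SET_VALUE, DNS_QUERY = 1, 11, 13, 22

# Autostart locations written by "Adds Run key to start application".
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)

# Public IP-lookup services, for "Looks up external IP address via web
# service". Illustrative list: the report does not name the service used.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ifconfig.me", "ipinfo.io",
}

# Constructed events: process A drops a second EXE, registers it under Run,
# launches it as process B, and B resolves an IP-lookup service. Process C is
# a benign Office registry write that must not fire.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": PROCESS_CREATE, "ProcessGuid": "A",
     "Image": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": FILE_CREATE, "ProcessGuid": "A",
     "TargetFilename": r"C:\Users\user\AppData\Roaming\WinUpd.exe"},
    {"EventID": REG_SET_VALUE, "ProcessGuid": "A",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinUpd",
     "Details": r"C:\Users\user\AppData\Roaming\WinUpd.exe"},
    {"EventID": PROCESS_CREATE, "ProcessGuid": "B", "ParentProcessGuid": "A",
     "Image": r"C:\Users\user\AppData\Roaming\winupd.exe"},  # case differs on purpose
    {"EventID": DNS_QUERY, "ProcessGuid": "B", "QueryName": "api.ipify.org"},
    {"EventID": DNS_QUERY, "ProcessGuid": "B", "QueryName": "www.microsoft.com"},
    {"EventID": REG_SET_VALUE, "ProcessGuid": "C",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Office\16.0\Common\UserInfo",
     "Details": "x"},
]


def detect_run_key(events: List[Dict]) -> List[Dict]:
    """Registry SetValue under a Run/RunOnce key."""
    return [
        {"rule": "persistence_run_key", "process": e["ProcessGuid"],
         "key": e["TargetObject"], "value": e.get("Details", "")}
        for e in events
        if e["EventID"] == REG_SET_VALUE and RUN_KEY_RE.search(e["TargetObject"])
    ]


def detect_ip_lookup(events: List[Dict]) -> List[Dict]:
    """DNS query for a known public IP-lookup service."""
    hits = []
    for e in events:
        if e["EventID"] != DNS_QUERY:
            continue
        domain = e["QueryName"].lower().rstrip(".")
        if domain in IP_LOOKUP_DOMAINS:
            hits.append({"rule": "external_ip_lookup",
                         "process": e["ProcessGuid"], "domain": domain})
    return hits


def detect_dropped_exe_executed(events: List[Dict]) -> List[Dict]:
    """An .exe written by one process is later started as a new process.

    Paths are compared case-insensitively because NTFS is, and because the
    dropper and the launcher may spell the path differently.
    """
    dropped: Dict[str, str] = {}  # lower-cased path -> GUID of the writer
    hits = []
    for e in events:
        if e["EventID"] == FILE_CREATE and e["TargetFilename"].lower().endswith(".exe"):
            dropped[e["TargetFilename"].lower()] = e["ProcessGuid"]
        elif e["EventID"] == PROCESS_CREATE and e["Image"].lower() in dropped:
            hits.append({"rule": "executes_dropped_exe",
                         "dropper": dropped[e["Image"].lower()],
                         "process": e["ProcessGuid"], "image": e["Image"]})
    return hits


def detect(events: List[Dict]) -> List[Dict]:
    """Run every rule and concatenate the findings."""
    return (detect_run_key(events) + detect_ip_lookup(events)
            + detect_dropped_exe_executed(events))


def summarize(findings: List[Dict]) -> Dict[str, List[str]]:
    """Sorted rule names per process GUID, for triage of the process tree."""
    per_process = defaultdict(set)
    for f in findings:
        per_process[f["process"]].add(f["rule"])
    return {guid: sorted(rules) for guid, rules in sorted(per_process.items())}


if __name__ == "__main__":
    for guid, rules in summarize(detect(SAMPLE_EVENTS)).items():
        print(guid, "->", ", ".join(rules))
```

Each rule alone is noisy (plenty of installers write Run keys, and IP-lookup services have legitimate users); the value is in the summary, where one process chain accumulates persistence, execution of a dropped binary and an external IP lookup in the same run, which is the combination the report records for this sample.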