General
-
Target
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f
-
Size
363KB
-
Sample
231203-cywvasha82
-
MD5
6efb6ff87f5d89884d54bec7292175cf
-
SHA1
22059d226717ac0d3939856d0dfa96d227d4f2f7
-
SHA256
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f
-
SHA512
81af67219a0d32e45988d406a9faef65bbfbc816514d80867c57855fa286ecbcb86c9c1cc8730dc2be46f8e9ebd044102adf54cc5fef2d30efc0536701bb623c
-
SSDEEP
6144:3BlL/MvvVjdK0lJ5YqTkc1pEMkvIMFRnsEBkWqFFs7SqEsZc6/e5jbXyAGAu:xavtpKQhwiuMkrfkP07zO6/eF+eu
Static task
static1
Behavioral task
behavioral1
Sample
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f.exe
Resource
win10v2004-20231130-en
Malware Config
Targets
-
-
Target
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f
-
Size
363KB
-
MD5
6efb6ff87f5d89884d54bec7292175cf
-
SHA1
22059d226717ac0d3939856d0dfa96d227d4f2f7
-
SHA256
1c5fe765bf3ebb0796a13fcfd22c3b9a92b55e2734b1de8904a8e8f8931f350f
-
SHA512
81af67219a0d32e45988d406a9faef65bbfbc816514d80867c57855fa286ecbcb86c9c1cc8730dc2be46f8e9ebd044102adf54cc5fef2d30efc0536701bb623c
-
SSDEEP
6144:3BlL/MvvVjdK0lJ5YqTkc1pEMkvIMFRnsEBkWqFFs7SqEsZc6/e5jbXyAGAu:xavtpKQhwiuMkrfkP07zO6/eF+eu
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-