General
Target: BLandParkingList.exe
Size: 695KB
Sample: 231205-t6wb6sch35
MD5: 44a926d288b22893f0804dcfef210bfa
SHA1: 1abb651411567f4b270bcfcad748ebeecd39c411
SHA256: 7c751a1b82481762ea096a998fd0e35ddb00bbd03df9784d09771be310951d2c
SHA512: 0d3af18e3c0b313be85e4fbed71a8dddd39490878cd13a7a676545eec3c67b7575637397aae78d866ac98cc3e00699c8d89cae27789f83dcb3c51d7519d5ca80
SSDEEP: 12288:kIl5nF85RD8ah1+dIZyRcwz73uVIJFqwsK5qsIn3gq1+EKi4dqrlbv:rlwgah1+fBHJcwajwq/7Hhbv

Static task: static1

Behavioral task: behavioral1
Sample: BLandParkingList.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: BLandParkingList.exe
Resource: win10v2004-20231130-en

Malware Config
Targets
Target: BLandParkingList.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext