General
Target: d4023d971af3eda8dddfc41493d49f3cc47748ad20cdcf602bf19f88c39e06f4
Size: 509KB
Sample: 231205-t8h5macd7s
MD5: 2c013b3be5e26e53cace27abe1d9803b
SHA1: f5c217e1a7bf046e0e1c0efed58345725795e57d
SHA256: d4023d971af3eda8dddfc41493d49f3cc47748ad20cdcf602bf19f88c39e06f4
SHA512: c2c5349e383f03827c90f7590f9e3f97a566a294b705bb39ab8c64d34c8780b01a791307f250c63252026fe68586f1409915959308b4c92bfb20484b0452784e
SSDEEP: 12288:wrs6p8UdGrUOUitLuWbmjV7AVUZGclZI8w0bfDudz:SsedGr/Ui1uTjVqUQclLbSl
Static task: static1

Behavioral task: behavioral1
Sample: d4023d971af3eda8dddfc41493d49f3cc47748ad20cdcf602bf19f88c39e06f4.exe
Resource: win7-20231201-en

Behavioral task: behavioral2
Sample: d4023d971af3eda8dddfc41493d49f3cc47748ad20cdcf602bf19f88c39e06f4.exe
Resource: win10v2004-20231130-en
Malware Config
Targets
Target: d4023d971af3eda8dddfc41493d49f3cc47748ad20cdcf602bf19f88c39e06f4
Size: 509KB
MD5: 2c013b3be5e26e53cace27abe1d9803b
SHA1: f5c217e1a7bf046e0e1c0efed58345725795e57d
SHA256: d4023d971af3eda8dddfc41493d49f3cc47748ad20cdcf602bf19f88c39e06f4
SHA512: c2c5349e383f03827c90f7590f9e3f97a566a294b705bb39ab8c64d34c8780b01a791307f250c63252026fe68586f1409915959308b4c92bfb20484b0452784e
SSDEEP: 12288:wrs6p8UdGrUOUitLuWbmjV7AVUZGclZI8w0bfDudz:SsedGr/Ui1uTjVqUQclLbSl
Score: 10/10

Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext