General
-
Target
fd1e71506e6acef86142f01c0f8550f6c8908b7337b86b627ace2af6cbda1453
-
Size
429KB
-
Sample
231206-cqynxsab93
-
MD5
bdf2b3b191432b2beb2d9280bc15cfc5
-
SHA1
490bdef6de2ea69eb1363e4dc790e132e4b73a3b
-
SHA256
fd1e71506e6acef86142f01c0f8550f6c8908b7337b86b627ace2af6cbda1453
-
SHA512
c37b9994381c17a9a3e3576b0ddfd4a77d56deeb6529c19033138a2cfe7d016c4e9a1ee1cbfd8723bac1121a42d8bef9941212262c27f3dd74d780eea72bad2c
-
SSDEEP
6144:Z8LxB9Z0Q7EjnhEXc0ZBnVHlN4T6XoFy8RiwjiI0CAi2FCnfSDRWXHSAu:eZ17ghr0rnLN4T6Gy8905FCnqAXfu
Static task
static1
Behavioral task
behavioral1
Sample
fd1e71506e6acef86142f01c0f8550f6c8908b7337b86b627ace2af6cbda1453.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
fd1e71506e6acef86142f01c0f8550f6c8908b7337b86b627ace2af6cbda1453.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
Target
fd1e71506e6acef86142f01c0f8550f6c8908b7337b86b627ace2af6cbda1453
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext