General
-
Target
b353f9892d8169f4e0ee5046d64ad301386ada46356f2e66e18c28ae8d17679d
-
Size
364KB
-
Sample
231206-dn5vwsaf44
-
MD5
0c4bb2454ce93e6c26ced4785805455f
-
SHA1
597867955dfab7a5e3a30cbad3912f2a25b360f2
-
SHA256
b353f9892d8169f4e0ee5046d64ad301386ada46356f2e66e18c28ae8d17679d
-
SHA512
f824237372a82f2c07d1c65bc88667f091b138bb984b3b31289d2aff4e05509b01e136b78f596377c443086b0805e1d2e58e105d82ed8f1c50018e856a012363
-
SSDEEP
6144:P8LxB0Pi+VX4gGvnaMvFs1l5BQLUmYmcMTAPDIYsqUU6SlE4t7n6Sh0VcyqkXLTw:xwHZvGv7QL1RcEAbUc6oEOOVVnqk7Tw
Static task
static1
Behavioral task
behavioral1
Sample
b353f9892d8169f4e0ee5046d64ad301386ada46356f2e66e18c28ae8d17679d.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
b353f9892d8169f4e0ee5046d64ad301386ada46356f2e66e18c28ae8d17679d.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
-
Target
b353f9892d8169f4e0ee5046d64ad301386ada46356f2e66e18c28ae8d17679d
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-