General
- Target: 3b8974abc5bd12b5dc5c5438f83f262ba8c4c01efcee9a95932d98b8817a35cb
- Size: 587KB
- Sample: 231209-cfm5faffd2
- MD5: 62bcb2a5e85045733c1317675ede5529
- SHA1: 07f5e3a4d0ae03182b7553d1bb5af738624745d7
- SHA256: 3b8974abc5bd12b5dc5c5438f83f262ba8c4c01efcee9a95932d98b8817a35cb
- SHA512: 25904446bfa10fb0c5194250d71c86a6045f5ed1f3882d224b1933644d8e09ddbaec773fb890c298edb527c778ec7f538d021691475dfae6b0b0846eaf43329f
- SSDEEP: 12288:GxPgUrdBpK8vNhdyzpeG6MqgsrUWaCX0uvSGF:Ov/vNhMqd/Sk
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 3b8974abc5bd12b5dc5c5438f83f262ba8c4c01efcee9a95932d98b8817a35cb.exe
  - Resource: win7-20231130-en

Behavioral task
- behavioral2
  - Sample: 3b8974abc5bd12b5dc5c5438f83f262ba8c4c01efcee9a95932d98b8817a35cb.exe
  - Resource: win10v2004-20231201-en
Malware Config

Targets
- Target: 3b8974abc5bd12b5dc5c5438f83f262ba8c4c01efcee9a95932d98b8817a35cb
- Size: 587KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext