General
Target: SecuriteInfo.com.Trojan.PackedNET.2583.13042.12737.exe
Size: 480KB
Sample: 231212-qnx69sfbg6
MD5: 0af8a004f6c9175b323b2556f30cee13
SHA1: d014e2470c3c007ad9a1caccd2550877df09df71
SHA256: b37d2fbaf9a7a306ead7d7f4861773e8bf5f0c82e81b2a47d4b0d79fac8bfe5a
SHA512: 312d5e9042ae1493989c490f4d1f6c5bdb3751f91d5befe25c7a35f75fc12241dc6b012020566118e2005deccb4729a258d5ea596f4e75acaf77a29c16e5c491
SSDEEP: 12288:3U/JSojALcg6wXsN+pkrZjeyKS37KJPRtpcviv6cx:hbghw5mEyL37kJ4iv
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.PackedNET.2583.13042.12737.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.PackedNET.2583.13042.12737.exe
Resource: win10v2004-20231130-en
Malware Config
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-