General
- Target: ce9a13ec63660a000abcfec2a47102b1c74cb2e989534df004ab1917aedad7bd
- Size: 2.9MB
- Sample: 240328-bfjxcacd3v
- MD5: 88303151484b0b83523c9948a5950b47
- SHA1: 7d3ccb141b650ea0d6fbeb8116857a951a5b6411
- SHA256: ce9a13ec63660a000abcfec2a47102b1c74cb2e989534df004ab1917aedad7bd
- SHA512: f8dc43b4dec83eaf52981499325cd5f264ef2ee34c6d6ac80f2cf333e61fdf7452374dc88e80fee4dc50ea4b865bc2eb538238321653b5f71e8225ab8b87882a
- SSDEEP: 49152:DNqGo8/vzMARGgwgpqrGr5y7nI3KDnapbkEQj1sNqGo8/vzMARGgwgpqrGr5y7nT:DNDTYAp02yI3Ani3wsNDTYAp02yI3Anh
Static task
- static1

Behavioral task
- behavioral1
  - Sample: ce9a13ec63660a000abcfec2a47102b1c74cb2e989534df004ab1917aedad7bd.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: ce9a13ec63660a000abcfec2a47102b1c74cb2e989534df004ab1917aedad7bd.exe
  - Resource: win10v2004-20240226-en
Malware Config
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext