General
-
Target
UnbrandedSpoofer.exe
-
Size
1.6MB
-
Sample
240329-3hd8escf96
-
MD5
c7a28f9dc387785be826907632461b2d
-
SHA1
9e074dcc5b706b6eabc13f966bc6775e0d7265eb
-
SHA256
74f9c1d6ee1ef99a55dea1c42b26af37dc580f5c4cbd80f99d74c30771816bc5
-
SHA512
9b3838eb21c86a24722eab1fc181dc36183a2435e26d6a7b12aed062b9955a77f29f7fcbba08e8c2ca6b99a1d625819a6cf03206454444126ce6fcbaf921cbd1
-
SSDEEP
24576:uITMvRFhRRbNWoCfkYSEH3OqtwIuXU7KdR9HNGo8fGXjMq:uITYbNbNWo4kSH3OqtwI1KxHNGo+GY
Static task
static1
Behavioral task
behavioral1
Sample
UnbrandedSpoofer.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
UnbrandedSpoofer.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
UnbrandedSpoofer.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-