General
Target: Debug.rar
Size: 703KB
Sample: 240407-x7acwacc6y
MD5: 5d00873f5d1dfe75027ec6deb35bb518
SHA1: b4d448bb0e10be9f5926a567934d8c42e6124afb
SHA256: 651f2668229b6d9e70b599c4321f219ee98a7b86e137c98f596bdd8aff092952
SHA512: 80c0a895adb1e33991e173b51f34e8c38e09a5eb9852a66cfbc3871b8ed8df61e3bdb8bfc42727f577a2c441b0c5952e68a6a2905b38f577b8b4fe81d128b453
SSDEEP: 12288:3aFVmOAhdHxdPLn931grPRhzkZJXNQTIWGk9HzA1ulSg5rpFk2vLTC:qrATxdDgfzEJXGTGkW1kSg7LTu
Behavioral task: behavioral1
Sample: Debug.rar
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: Debug.rar
Resource: win10v2004-20240226-en
Behavioral task: behavioral3
Sample: Debug.rar
Resource: win11-20240221-en
Malware Config
Targets
Target: Debug.rar
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Downloads MZ/PE file
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL