General
Target: eff673e5ff24a753d775c93914d2468bd6bb51ec301115ff6f894f7917c37e4e
Size: 12.6MB
Sample: 240416-ck49hsgf9t
MD5: 828b92bff3093ae4a7de625ff52d4db9
SHA1: 22e4fd97c83e8693aeea7c62f0f58e59b3bfba5d
SHA256: eff673e5ff24a753d775c93914d2468bd6bb51ec301115ff6f894f7917c37e4e
SHA512: be7e08fb9af8cff2f8173876b87ab591cf094bcdbdfdb76ef52be24beb83882bc928f06a96ba4cd979fc51ab41c98369473d5bff767520615cc40c78efdbb6ed
SSDEEP: 196608:wblRO/sYnmyz4TmbLjR7CoK1D+aNOFpuKxDCpNsbw8GzN9iBl4TEatLkvjSMc:emmyz4TmN+oK1+HVefsbw8/oTLh
Static task: static1
Behavioral task: behavioral1
Sample: eff673e5ff24a753d775c93914d2468bd6bb51ec301115ff6f894f7917c37e4e.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: eff673e5ff24a753d775c93914d2468bd6bb51ec301115ff6f894f7917c37e4e
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger