General
- Target: 54cd3b5bad032d15ed2b61e5aa40128d0fc5fc2d9e84b0fc588fdb440bae3fd3
- Size: 118KB
- Sample: 240416-ck5kaaeh38
- MD5: 9ab2587c9b7f0083edb6ef8e9a3f4bd1
- SHA1: 5834bbf71c4464adf7c79fc0abbbadec42277b89
- SHA256: 54cd3b5bad032d15ed2b61e5aa40128d0fc5fc2d9e84b0fc588fdb440bae3fd3
- SHA512: 4907c4beeb54579c8aea27485b0bf1766f1d4a3f490231f177108a4e89f1b33072cdeefde6e4f92ca1801dc798ff8c54dd832ef97662c3c64f86b31a84251ce2
- SSDEEP: 3072:FgRyFgtnvPSQxIIrNTUfEP+9HRAaMagfSv8+nS:FUPcIrmfEG9xA9qvRn
Static task: static1
Behavioral task: behavioral1
- Sample: 54cd3b5bad032d15ed2b61e5aa40128d0fc5fc2d9e84b0fc588fdb440bae3fd3.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 54cd3b5bad032d15ed2b61e5aa40128d0fc5fc2d9e84b0fc588fdb440bae3fd3
- Size: 118KB
- MD5: 9ab2587c9b7f0083edb6ef8e9a3f4bd1
- SHA1: 5834bbf71c4464adf7c79fc0abbbadec42277b89
- SHA256: 54cd3b5bad032d15ed2b61e5aa40128d0fc5fc2d9e84b0fc588fdb440bae3fd3
- SHA512: 4907c4beeb54579c8aea27485b0bf1766f1d4a3f490231f177108a4e89f1b33072cdeefde6e4f92ca1801dc798ff8c54dd832ef97662c3c64f86b31a84251ce2
- SSDEEP: 3072:FgRyFgtnvPSQxIIrNTUfEP+9HRAaMagfSv8+nS:FUPcIrmfEG9xA9qvRn
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.
- Suspicious use of NtSetInformationThreadHideFromDebugger