General
-
Target
a6bcba1163a4924be728f1c6b847de3342a23047b30c7bcdebecf01910d66515.exe
-
Size
1.1MB
-
Sample
240518-k2qfpada2v
-
MD5
d3d4eadf3c33f7f479c4e647ac76ed25
-
SHA1
de5ed294b31eb5f6b43b1f53d7199cdfb937d2be
-
SHA256
a6bcba1163a4924be728f1c6b847de3342a23047b30c7bcdebecf01910d66515
-
SHA512
dd0dd44074f114d40cee6a3e5e004fa186cc22d1c6fde9bbbbb4eaad02fc9935ac3807982e8cb3338a7ae37fafe6a67a45fffc040f08617af994d159057ccd99
-
SSDEEP
24576:4AHnh+eWsN3skA4RV1Hom2KXMmHa41rTNIZt3ZAy+vKLIzL5:/h+ZkldoPK8Ya41rA3m+MB
Static task
static1
Behavioral task
behavioral1
Sample
a6bcba1163a4924be728f1c6b847de3342a23047b30c7bcdebecf01910d66515.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a6bcba1163a4924be728f1c6b847de3342a23047b30c7bcdebecf01910d66515.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
a6bcba1163a4924be728f1c6b847de3342a23047b30c7bcdebecf01910d66515.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-