General
-
Target
341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159.exe
-
Size
1.2MB
-
Sample
240518-lct81sdc73
-
MD5
76609684d4f0fdd1e46ddf8353c389bf
-
SHA1
9d8d983f75264a4989a55774cd500ee68b40e70b
-
SHA256
341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159
-
SHA512
abfadc1ab8f0439697a5ca36f4c29c2d0ddcde3ac0249993ffc09aac3d8f856a9f01e32203e976938c80271a9f865435b7ea903a8dc0b24e34e7b82d999542e3
-
SSDEEP
24576:sAHnh+eWsN3skA4RV1Hom2KXMmHaqYTPyd+ez0pBTazbM5gMv45:Lh+ZkldoPK8YaqYU+4aBTaU5gMW
Static task
static1
Behavioral task
behavioral1
Sample
341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-