General
Target: 82b68604fc83225fdb2804ceebf00c437c508b9b59312fcc6509b2f02c10e47b
Size: 1.1MB
Sample: 240522-cnn2psha79
MD5: 56d47eefac058fdb3f53f90edfbf487f
SHA1: 183a3ac0c307a694ab9d3e1d8524e53a3da962a8
SHA256: 82b68604fc83225fdb2804ceebf00c437c508b9b59312fcc6509b2f02c10e47b
SHA512: 3c26fa656b09ab3b59f8eaa1857a269b49f238091c63031db58c3d7a72ef24d35270971cebfaa17f60b4421b578f67074536e91540c963279c8eac296bb2a9c4
SSDEEP: 24576:yAHnh+eWsN3skA4RV1Hom2KXMmHa5PHMEYxIDDyoiA3ck5:1h+ZkldoPK8Ya5EfIDoA3X
Static task: static1

Behavioral task: behavioral1
Sample: 82b68604fc83225fdb2804ceebf00c437c508b9b59312fcc6509b2f02c10e47b.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 82b68604fc83225fdb2804ceebf00c437c508b9b59312fcc6509b2f02c10e47b.exe
Resource: win10v2004-20240508-en
Malware Config

Targets
Target: 82b68604fc83225fdb2804ceebf00c437c508b9b59312fcc6509b2f02c10e47b (size and hashes identical to those listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext