General
-
Target
ef21971cc13a1478cf396c7290ca859e4a77178d63c914093456515befa16bb9
-
Size
1.2MB
-
Sample
240524-bgcvesfg79
-
MD5
551e9650c3683f499ba8bc3abed3c41e
-
SHA1
9a85cb80e49d1949391af936e8a131b5b7e94b3c
-
SHA256
ef21971cc13a1478cf396c7290ca859e4a77178d63c914093456515befa16bb9
-
SHA512
339f828c932a6f2997da9b737704cec8728da47cd279ac0d24d515f636940a6506e64294eecd4948543a76a7f14db64f95cabd89def51292e23dc6d78ecc7d61
-
SSDEEP
24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8apZjEqTW7nJVyEh9Nu:tTvC/MTQYxsWR7apZjXKnh
Static task
static1
Behavioral task
behavioral1
Sample
ef21971cc13a1478cf396c7290ca859e4a77178d63c914093456515befa16bb9.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ef21971cc13a1478cf396c7290ca859e4a77178d63c914093456515befa16bb9.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
ef21971cc13a1478cf396c7290ca859e4a77178d63c914093456515befa16bb9
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-