General
-
Target
fc67352539e6d95d44816dbd3affde59553af0dacdae778027c5d2c8a09c50f6.zip
-
Size
780KB
-
Sample
240612-c3eftayhke
-
MD5
ca86e5b9bf52aa46ad253327c2431564
-
SHA1
0c00a57d292ae308d8e57e2d606471f93c1f5600
-
SHA256
fc67352539e6d95d44816dbd3affde59553af0dacdae778027c5d2c8a09c50f6
-
SHA512
5281907a0a8d466c56689ebccea92b18e3eb8b153d47ab472c8e45ae9070015423529d2728b82778721a6bd42f8b6c9639f227cc39ed9de5c6121a7a5d650b86
-
SSDEEP
24576:6WYJXRWrmh4xkIXbEqGIjoBr7mCzfDi3ys5K91Ju:6WYJXqXYIjoBvmqDYv5aJu
Static task
static1
Behavioral task
behavioral1
Sample
BL.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
BL.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
Target
BL.exe
-
Size
1.2MB
-
MD5
a6e9d4fa94edb21aa16b167dfec4f624
-
SHA1
1b9f0d78dd27baa672c3d904b8bb0e8e9bdf7117
-
SHA256
f0a931ba453d846bac36ab75d1e79847170cd8f562ccb117e92133434d301abf
-
SHA512
1f64657ca18349d7977797b47414969494ab914387d1175b1cfeae4cda4f066111059eec2aa66fcf8333398934e764c740ee2d71453ada91fcd71c6a8c66bc64
-
SSDEEP
24576:/AHnh+eWsN3skA4RV1Hom2KXMmHaWe2HXtKxksRk9bEC5:ih+ZkldoPK8YaWegt+RR8d
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in information stealers.
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers.
-
Detects executables referencing many file transfer clients. Observed in information stealers.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-