General
Target: SecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.23897.15373.exe
Size: 1.2MB
Sample: 240612-dww8qazcmf
MD5: 359d3e96ff4d7d9134950f306a2df9db
SHA1: 022d3dbd94f36564f5bfc9da8846c6db3cc3c096
SHA256: 8e85642be9336d213c4656c277dee5d9ee751ea822f33becb7c310506f058073
SHA512: c12c770b40f1287ec215a1a6955efe2f09bcbd53e57f061f85af9e8bf5b87f4fc113508dd3a3334f8e22bbc45a0bc2b02b5499cb6f44f633f0ffaaaec671e00e
SSDEEP: 24576:lAHnh+eWsN3skA4RV1Hom2KXMmHa8dIkziSlhSgQkY5:Uh+ZkldoPK8Ya8dIkPSd
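As an added check that is not part of the sandbox report or its tooling: a small Python script that streams a file on disk through the same four hash algorithms and compares the result with the values listed above. The digests are copied from the report; the function names, the chunk size and the path you pass in are this example's own choices. SSDEEP is left out because it needs a third-party library and a fuzzy hash is a similarity score, not an identity check.

```python
"""Compare a file on disk against the sample hashes listed in this report.

Added example, not part of the sandbox report.  REPORT_HASHES is copied from
the report's General section; everything else (function names, chunk size,
the path you pass in) is this example's own choice.
"""
import hashlib
from typing import Dict

# Digests copied from the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "359d3e96ff4d7d9134950f306a2df9db",
    "sha1": "022d3dbd94f36564f5bfc9da8846c6db3cc3c096",
    "sha256": "8e85642be9336d213c4656c277dee5d9ee751ea822f33becb7c310506f058073",
    "sha512": (
        "c12c770b40f1287ec215a1a6955efe2f09bcbd53e57f061f85af9e8bf5b87f4f"
        "c113508dd3a3334f8e22bbc45a0bc2b02b5499cb6f44f633f0ffaaaec671e00e"
    ),
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory buffer for every algorithm in REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the file once and feed each chunk to all four hashers, so a large
    sample never has to fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: Dict[str, str],
                 expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm comparison, case-insensitive on the hex string.

    For the same bytes either every algorithm matches or none does; a mixed
    result almost always means a mis-copied expected value, so keep the
    per-algorithm detail rather than collapsing it to one boolean too early.
    """
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def is_report_sample(path: str) -> bool:
    """True only when all four digests of the file equal the report's values."""
    return all(match_report(hash_file(path)).values())


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(target, "MATCH" if is_report_sample(target) else "no match")
```

Run it as `python check_sample.py <file> [...]`; it prints MATCH only when every listed digest agrees, which is the condition under which the behavioural results below apply to the file in hand.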
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.23897.15373.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.23897.15373.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: SecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.23897.15373.exe
Size: 1.2MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of a thread in another process, including its instruction pointer. Outside debuggers it is mostly seen in process hollowing and related injection: the injector starts a process suspended, writes its payload into it, points the main thread at the payload and resumes it.
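Why a sandbox treats that call as suspicious is easiest to see as detection logic over an API-call trace. The following is an added example, not the sandbox's own signature or its output: the trace format, the `ApiCall` record and the process IDs are constructed for the example, and the rule looks for the process-hollowing sequence (suspended create, remote memory write, SetThreadContext, ResumeThread) on the same injector/target pair rather than for the single call, which a debugger also makes.

```python
"""Flag the process-hollowing API sequence behind a "suspicious use of
SetThreadContext" verdict.

Added example, not code from the sandbox.  The trace format is constructed
for this example and does not match any particular sandbox's export.  On a
real trace the target pid of CreateProcessW comes from the returned
PROCESS_INFORMATION; here it is already resolved into the record.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess


@dataclass
class ApiCall:
    pid: int            # calling process
    api: str            # API name as logged
    target_pid: int     # process the handle argument refers to (0 if none)
    flags: int = 0      # creation flags, only meaningful for CreateProcess*


# Constructed trace: pid 1000 hollows its child 1432; pid 2000 is a debugger
# attaching to 2200; pid 3000 launches a child suspended but never writes to it.
SAMPLE_TRACE: List[ApiCall] = [
    ApiCall(1000, "CreateProcessW", 1432, CREATE_SUSPENDED),
    ApiCall(1000, "NtUnmapViewOfSection", 1432),
    ApiCall(1000, "VirtualAllocEx", 1432),
    ApiCall(1000, "WriteProcessMemory", 1432),
    ApiCall(1000, "SetThreadContext", 1432),
    ApiCall(1000, "ResumeThread", 1432),
    ApiCall(2000, "OpenThread", 2200),
    ApiCall(2000, "SetThreadContext", 2200),
    ApiCall(3000, "CreateProcessW", 3100, CREATE_SUSPENDED),
    ApiCall(3000, "ResumeThread", 3100),
]

# Ordered steps that must all appear for one (injector, target) pair.  Other
# injection variants (OpenProcess into a running target, APC queueing) need
# their own sequences; this rule covers hollowing only.
HOLLOW_SEQUENCE = ["CreateProcessW", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread"]


def find_hollowing(trace: List[ApiCall]) -> List[Tuple[int, int]]:
    """Return (injector_pid, target_pid) pairs whose calls contain the full
    HOLLOW_SEQUENCE in order, with the initial create done suspended."""
    by_pair: Dict[Tuple[int, int], List[ApiCall]] = {}
    for call in trace:                       # group by pair, keeping trace order
        by_pair.setdefault((call.pid, call.target_pid), []).append(call)

    hits = []
    for (pid, target), calls in by_pair.items():
        step = 0
        for call in calls:
            if call.api != HOLLOW_SEQUENCE[step]:
                continue                     # unrelated call, keep scanning
            if step == 0 and not (call.flags & CREATE_SUSPENDED):
                continue                     # a normal create is not the start
            step += 1
            if step == len(HOLLOW_SEQUENCE):
                hits.append((pid, target))
                break
    return hits


def set_thread_context_callers(trace: List[ApiCall]) -> List[int]:
    """Every pid that calls SetThreadContext at all.  Compared with
    find_hollowing this shows why the bare call is a weak signal."""
    return sorted({c.pid for c in trace if c.api == "SetThreadContext"})


if __name__ == "__main__":
    print("SetThreadContext callers:", set_thread_context_callers(SAMPLE_TRACE))
    print("hollowing pairs:", find_hollowing(SAMPLE_TRACE))
```

On the constructed trace only the 1000 -> 1432 pair is reported, while the raw SetThreadContext list also contains the debugger; that gap is the reason a sandbox scores the sequence rather than the single call.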