General
-
Target
BL-LADING#ATA-3678920.exe
-
Size
1.2MB
-
Sample
240612-g3rtcssgkj
-
MD5
2e16ccbf4b88cdc9ee33e9567a4a57a8
-
SHA1
e80afb7e7eddaa1a8c7e562c6adb08096b6eb3e6
-
SHA256
a55772bb4850dfeb76f1779905b5e039be5d3bee5df8ed45a944fe875512ccce
-
SHA512
97801be2ebbac0e75cb719863fa667a9dd966440cfc5293495d7e053cc39169dc4323a654bec720736ef4fd03397b19bb44875e2f52c837f49ea5074d23ea1cb
-
SSDEEP
24576:qAHnh+eWsN3skA4RV1Hom2KXMmHaKvGoNitPXp5:9h+ZkldoPK8YaKXw7
Static task
static1
Behavioral task
behavioral1
Sample
BL-LADING#ATA-3678920.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
BL-LADING#ATA-3678920.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
BL-LADING#ATA-3678920.exe
-
Size
1.2MB
-
MD5
2e16ccbf4b88cdc9ee33e9567a4a57a8
-
SHA1
e80afb7e7eddaa1a8c7e562c6adb08096b6eb3e6
-
SHA256
a55772bb4850dfeb76f1779905b5e039be5d3bee5df8ed45a944fe875512ccce
-
SHA512
97801be2ebbac0e75cb719863fa667a9dd966440cfc5293495d7e053cc39169dc4323a654bec720736ef4fd03397b19bb44875e2f52c837f49ea5074d23ea1cb
-
SSDEEP
24576:qAHnh+eWsN3skA4RV1Hom2KXMmHaKvGoNitPXp5:9h+ZkldoPK8YaKXw7
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-