General
-
Target
LOADER_1.5.exe
-
Size
3.5MB
-
Sample
240617-qafeaswcrk
-
MD5
6c31778cb80fff6ec7b7452726fbbfe2
-
SHA1
4711c23fe341761258cf12144309598502eebc06
-
SHA256
ba53b6ac7682df750e116312a66eed76f2386b1351e6e8018b85098e2277c563
-
SHA512
a822796aa0591b18c9abcdb7b4c892ea7937d78f3238c06031f6655a1622a3a037982328ade0878960db771b8c9c7f9128e239c0c391b704878d529a273bc722
-
SSDEEP
98304:Ka6EdThs72slZS1qmo8ovUPtNjt+IT4bNJFY3OqtTJa6E:KWNsZCqmo8oMPtVojBHY9
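To confirm that a file in hand is the sample this report describes, the digests above can be recomputed and compared. The script below is an added example, not part of the sandbox report: it copies the four reported digests, hashes a file in one streaming pass (the sample is 3.5 MB, so it is never read whole), and reports per-algorithm matches. The SSDEEP value is left out because fuzzy hashing needs the external ssdeep library; the helper names are my own.

```python
"""Check a local file against the hashes reported for LOADER_1.5.exe (added example)."""
import hashlib

# Digests copied from the report above (lower-case hex).
REPORTED = {
    "md5": "6c31778cb80fff6ec7b7452726fbbfe2",
    "sha1": "4711c23fe341761258cf12144309598502eebc06",
    "sha256": "ba53b6ac7682df750e116312a66eed76f2386b1351e6e8018b85098e2277c563",
    "sha512": "a822796aa0591b18c9abcdb7b4c892ea7937d78f3238c06031f6655a1622a3a037982328ade0878960db771b8c9c7f9128e239c0c391b704878d529a273bc722",
}

# Hex digest lengths, used to tell which algorithm a lone IOC string came from.
HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def classify_hash(hexdigest):
    """Guess the algorithm of a hex digest from its length; None if it fits none."""
    h = hexdigest.strip().lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        return None
    return HEX_LENGTHS.get(len(h))


def digest_chunks(chunks):
    """Compute MD5, SHA-1, SHA-256 and SHA-512 in a single pass over byte chunks."""
    hashers = {name: hashlib.new(name) for name in HEX_LENGTHS.values()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file without loading it whole into memory."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def compare(computed, reported=REPORTED):
    """Per-algorithm match result; hex comparison is case-insensitive."""
    return {name: computed[name].lower() == value.lower() for name, value in reported.items()}


def matches_report(computed, reported=REPORTED):
    """True only if every reported digest matches; a partial match means the IOC set is mixed up."""
    return all(compare(computed, reported).values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        result = compare(digest_file(path))
        verdict = "MATCH" if all(result.values()) else "no match"
        print(f"{path}: {verdict} {result}")
```

Run it as `python check_hashes.py LOADER_1.5.exe`; a file that matches on SHA-256 but not on MD5 has not been seen before in this form and should be treated as a different sample, not a near match.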
Static task
static1
Behavioral task
behavioral1
Sample
LOADER_1.5.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
LOADER_1.5.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
Target
LOADER_1.5.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic .NET).
-
AgentTesla payload
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
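The signatures above point to three registry-based persistence artifacts an analyst would hunt for on a suspect host: a changed .exe file association (exefile\shell\open\command), Run-key entries, and a COM server registered so that it is loaded at logon. The Uninstall-key lookup is reconnaissance rather than persistence, and the file dropped in the Drivers directory is a filesystem artifact, so neither is covered here. The script below is an added example, not code from the report or the sandbox: it parses `reg export` style .reg text and flags those three artifacts. The sample export, its paths, value names and CLSIDs are constructed for illustration; the per-user CLSID rule is a heuristic of mine, and hex(...) multi-line values are skipped.

```python
"""Hunt a Windows registry export (.reg text) for persistence artifacts (added example)."""
import re
from dataclasses import dataclass

# Constructed sample of `reg export` output from a hypothetical infected host.
# Paths, value names and CLSIDs are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\victim\\AppData\\Roaming\\LOADER_1.5.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Local\\Temp\\svchost.exe"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Local\\Temp\\loader.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66666666-7777-8888-9999-AAAAAAAAAAAA}\InprocServer32]
@="C:\\Windows\\System32\\shell32.dll"
'''

DEFAULT_EXE_COMMAND = '"%1" %*'   # stock value of exefile\shell\open\command
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


@dataclass
class RegValue:
    key: str
    name: str   # "@" for a key's default value
    data: str   # unescaped text for strings; raw text (e.g. dword:00000001) otherwise


def unescape(s):
    """Undo .reg string escaping: a backslash escapes the next character."""
    out, i = [], 0
    while i < len(s):
        if s[i] == '\\' and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return ''.join(out)


def parse_reg(text):
    """Flatten a .reg export into RegValue records (hex(...) continuation lines are skipped)."""
    values, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('Windows Registry Editor'):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = '@' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            data = m.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = unescape(data[1:-1])
            values.append(RegValue(key, name, data))
    return values


def first_path(command):
    """Executable path from a command line: the quoted part, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(' ', 1)[0]


def is_trusted(path):
    return path.lower().startswith(TRUSTED_ROOTS)


def find_persistence(values):
    """Return (kind, location, data) for the three signature-related artifacts."""
    findings = []
    for v in values:
        k = v.key.lower()
        if k.endswith('\\exefile\\shell\\open\\command') and v.name == '@':
            # Any deviation from the stock value means every .exe launch is proxied.
            if v.data != DEFAULT_EXE_COMMAND:
                findings.append(('exefile_hijack', v.key, v.data))
        elif re.search(r'\\currentversion\\run(once)?$', k):
            # Run entries launching from user-writable paths are the usual loader pattern.
            if not is_trusted(first_path(v.data)):
                findings.append(('run_key', f'{v.key}\\{v.name}', v.data))
        elif v.name == '@' and re.search(r'\\clsid\\\{[0-9a-f-]+\}\\(inproc|local)server32$', k):
            # Heuristic: a per-user CLSID registration, or a server binary outside system
            # directories, gets a COM object loaded at logon without any Run key.
            if k.startswith('hkey_current_user\\') or not is_trusted(first_path(v.data)):
                findings.append(('com_server', v.key, v.data))
    return findings


if __name__ == '__main__':
    for kind, where, data in find_persistence(parse_reg(SAMPLE_REG)):
        print(f'[{kind}] {where} -> {data}')
```

On the constructed export this flags the HKCU exefile command (which overrides the intact HKLM one for that user), the Updater Run entry in Temp, and the per-user InprocServer32, while leaving the OneDrive entry and the machine-wide system DLL alone. On a real host, export the hives with `reg export HKCU hkcu.reg` and `reg export HKLM\SOFTWARE\Classes hklm_classes.reg` and feed the text to parse_reg.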
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Event Triggered Execution (T1546): 1
Change Default File Association (T1546.001): 1