General
Target: PO00211.exe
Size: 1.1MB
Sample: 240618-q8jvdawfqa
MD5: b7734a54a4a6abe4bc2cab83472890b6
SHA1: dade3889244137a51358082055facca8ca0de2d8
SHA256: a02bbd9bc3479d4045279ab08d9823a0b5520659562368d9ec4557f2abda41bb
SHA512: 98122a0e349c31785fbea53f1ce341e2dde266b689603ed0ec879d714084da6e434c8209f5dcf9934fb7107b320264f3d773c92df48aa08cca53958f5fb93bc2
SSDEEP: 24576:PAHnh+eWsN3skA4RV1Hom2KXMmHaSwith3X4NpY05:yh+ZkldoPK8YaSwy3qpD
Static task
static1

Behavioral task
behavioral1
Sample: PO00211.exe
Resource: win7-20240419-en

Behavioral task
behavioral2
Sample: PO00211.exe
Resource: win10v2004-20240611-en
Malware Config

Targets
Target: PO00211.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext