General
-
Target
DCP.exe
-
Size
1.2MB
-
Sample
240618-qrybfazcnn
-
MD5
9eee6e759aa62dc10f9e4d0cd55b7e18
-
SHA1
c18117e48721af4739df0a3956488ee65c78dc09
-
SHA256
c33d326096071fd9b4dfc0c5668d7b5452814a994811942cabe97ec4de15b1a4
-
SHA512
d1043cdb4a5ad85b49a3eaaf39c09b66f38be16aeeacd99afae60098783474110d54429b171bd8ea0fc3e4ff9ae26b2151bd986c11d6cc589357ab6c563986d2
-
SSDEEP
24576:3AHnh+eWsN3skA4RV1Hom2KXMmHaT087B3+tZPtQSeWGkq5:qh+ZkldoPK8YaTd0DfeWi
Static task
static1
Behavioral task
behavioral1
Sample
DCP.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
DCP.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
DCP.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-