General
-
Target
5dce4eaea9fd880061d4b09bc17560aac84b7550828e7a13c776e4eb573ccb1c
-
Size
1.1MB
-
Sample
240619-cxtnjssckg
-
MD5
5b186325e5ddd47e4ca938b63760b38a
-
SHA1
ff94195d2845a11215bf74b895cccb090041a7d7
-
SHA256
5dce4eaea9fd880061d4b09bc17560aac84b7550828e7a13c776e4eb573ccb1c
-
SHA512
02f241793035e38165c43d98edee6dfc488c82f0d76b1332593f1aa7159eca672ee76373897006916a66a4590b7339bf3573348b7108b220feabbca11c2519d9
-
SSDEEP
24576:PAHnh+eWsN3skA4RV1Hom2KXMmHafXoHr2fofXSDiktjj5:yh+ZkldoPK8YafiKSDk3
Static task
static1
Behavioral task
behavioral1
Sample
5dce4eaea9fd880061d4b09bc17560aac84b7550828e7a13c776e4eb573ccb1c.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
5dce4eaea9fd880061d4b09bc17560aac84b7550828e7a13c776e4eb573ccb1c.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
5dce4eaea9fd880061d4b09bc17560aac84b7550828e7a13c776e4eb573ccb1c
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-