General
-
Target
5b67517eeb4645cca083400b697cd515c558dc0e3be693ab9ff51ba5ba15f683
-
Size
1.1MB
-
Sample
240629-by33ya1cnn
-
MD5
ba07b251e27f448a957f762710cc33f9
-
SHA1
744bd78be714cd94cdc1dcca33ab9fef3e4c65ad
-
SHA256
5b67517eeb4645cca083400b697cd515c558dc0e3be693ab9ff51ba5ba15f683
-
SHA512
1a168931433477da0ea2090e6f1d4e2df975e50bbd96f55629a8ce0d15d598361b4e4a80efb52b4cbec829ab2ee77183668708fa2603cb41779677119c9f6a5b
-
SSDEEP
24576:1AHnh+eWsN3skA4RV1Hom2KXMmHaFi55yutCCbStR0RWXPYJ51Kg5:kh+ZkldoPK8YaFEykCCbStRfX051p
Static task
static1
Behavioral task
behavioral1
Sample
5b67517eeb4645cca083400b697cd515c558dc0e3be693ab9ff51ba5ba15f683.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
5b67517eeb4645cca083400b697cd515c558dc0e3be693ab9ff51ba5ba15f683.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
5b67517eeb4645cca083400b697cd515c558dc0e3be693ab9ff51ba5ba15f683
-
Size
1.1MB
-
MD5
ba07b251e27f448a957f762710cc33f9
-
SHA1
744bd78be714cd94cdc1dcca33ab9fef3e4c65ad
-
SHA256
5b67517eeb4645cca083400b697cd515c558dc0e3be693ab9ff51ba5ba15f683
-
SHA512
1a168931433477da0ea2090e6f1d4e2df975e50bbd96f55629a8ce0d15d598361b4e4a80efb52b4cbec829ab2ee77183668708fa2603cb41779677119c9f6a5b
-
SSDEEP
24576:1AHnh+eWsN3skA4RV1Hom2KXMmHaFi55yutCCbStR0RWXPYJ51Kg5:kh+ZkldoPK8YaFEykCCbStRfX051p
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-