General
Target: 0b0cd503d287cbc0d4ecf74c87b64730N.exe
Size: 1.2MB
Sample: 240727-14mqksvapf
MD5: 0b0cd503d287cbc0d4ecf74c87b64730
SHA1: 9df4410468579f2f454751e10cd4a117b71c7336
SHA256: 673f5ec608cafec3fd67b2ee20cc966560c0a4d255788741ad8c6c2711df7f73
SHA512: 1f1b4db38a321a76a5bb3fb68486a48c7ab17bd0cfe90b461addf73a26a7c2ca1ccc21d452cd966b8eb38bf35391f04aaf0bcad4f2e87fda46b90e08572b8958
SSDEEP: 24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8afEBkoNOq507:zTvC/MTQYxsWR7afEBQM0
Static task: static1
Behavioral task: behavioral1
  Sample: 0b0cd503d287cbc0d4ecf74c87b64730N.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 0b0cd503d287cbc0d4ecf74c87b64730N.exe
  Resource: win10v2004-20240709-en
Malware Config
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Credentials from Password Stores: Credentials from Web Browsers
Malicious access or copy of a web browser credential store.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext