General
Target: 4f6458af1ce151efa023e9ad0580b5528c39114057d30d46b4427cb5185786e9.r00
Size: 668KB
Sample: 240913-h6d74s1frh
MD5: 544cd64a7725187da521b11766442ef7
SHA1: 11c8e68b4e75fbc1e213846d7592d69c0959e7c8
SHA256: 4f6458af1ce151efa023e9ad0580b5528c39114057d30d46b4427cb5185786e9
SHA512: 57deb1d51d0e83cf81d63a28565878574d0170ccf2f5da24bca9323895ac2cb2e8ba854b9253916429b4d9b3e2b931bd40efd2cf860951e3c391cc3da43d01a1
SSDEEP: 12288:SwKcL+zXtlON1MS6eW/Wx1KOiIhbmC6ZolkN6wABuXeFgZ5w9jgli2Kv8hHFq+S0:SM6zdlOds/C1WIVJ8oSABuOF85w9cliW
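To confirm that a file on disk is the sample this report describes, the script below (example code added for this page, not part of the report or the sandbox) computes the four digests the report lists and compares them with the report's entries for both the .r00 archive and the extracted payload. The indicator values are copied from the report; the partial-match handling is an added caveat: a file that agrees on some algorithms but not others is not "mostly the sample", it points to a transcription error in the indicator list or a deliberately crafted collision.

```python
import hashlib

# Indicators copied from the report: the .r00 archive and the payload
# extracted from it. Nothing in this table is constructed.
REPORT_INDICATORS = {
    "4f6458af1ce151efa023e9ad0580b5528c39114057d30d46b4427cb5185786e9.r00": {
        "md5": "544cd64a7725187da521b11766442ef7",
        "sha1": "11c8e68b4e75fbc1e213846d7592d69c0959e7c8",
        "sha256": "4f6458af1ce151efa023e9ad0580b5528c39114057d30d46b4427cb5185786e9",
        "sha512": "57deb1d51d0e83cf81d63a28565878574d0170ccf2f5da24bca9323895ac2cb2e8ba854b9253916429b4d9b3e2b931bd40efd2cf860951e3c391cc3da43d01a1",
    },
    "YMLUI275163148 - BL.exe": {
        "md5": "efeb57a449ccc8158f1c4ae374b62959",
        "sha1": "d097f10d18f72a86ad3406311163606d5668b520",
        "sha256": "79951afadbd96fb9b16f3d4fe5564e83cca60628082262752d243f0c30d145e2",
        "sha512": "060341f86969d0bf7461925f9d937b780b480ab784daadafa9788b4d75d57ac44bee990ed282b3bac66cbeb4663f4c09619138186553c3704d625f2f3634d7c9",
    },
}

# Same order as the report, so a partial-match list reads naturally.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Hex digests of an in-memory blob for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digests_of_file(path, chunk_size=1 << 20) -> dict:
    """Like digests(), but streams the file so a large archive is never read whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_indicators(observed: dict, indicators=REPORT_INDICATORS) -> list:
    """Compare observed digests against every target in the report.

    Returns [(target_name, [algorithms that agreed]), ...] for each target
    with at least one agreeing digest. The caller is told which algorithms
    agreed rather than a bare True/False, because a partial agreement should
    never occur for an unmodified file.
    """
    results = []
    for target, expected in indicators.items():
        agreed = [name for name in ALGORITHMS
                  if name in observed and observed[name].lower() == expected[name].lower()]
        if agreed:
            results.append((target, agreed))
    return results


def classify(observed: dict, indicators=REPORT_INDICATORS) -> str:
    """'full' if all four digests match a report target, 'partial' if only
    some do (suspect the IOC list or a crafted collision), else 'none'."""
    results = match_indicators(observed, indicators)
    if not results:
        return "none"
    if any(len(agreed) == len(ALGORITHMS) for _, agreed in results):
        return "full"
    return "partial"


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        observed = digests_of_file(arg)
        print(arg, classify(observed), match_indicators(observed))
```

Run it against the downloaded archive and the payload extracted from it; anything other than "full" for both means you are not looking at the files this report analysed.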
Static task: static1
Behavioral task: behavioral1
Sample: YMLUI275163148 - BL.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: YMLUI275163148 - BL.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: YMLUI275163148 - BL.exe
Size: 1.1MB
MD5: efeb57a449ccc8158f1c4ae374b62959
SHA1: d097f10d18f72a86ad3406311163606d5668b520
SHA256: 79951afadbd96fb9b16f3d4fe5564e83cca60628082262752d243f0c30d145e2
SHA512: 060341f86969d0bf7461925f9d937b780b480ab784daadafa9788b4d75d57ac44bee990ed282b3bac66cbeb4663f4c09619138186553c3704d625f2f3634d7c9
SSDEEP: 24576:U4lavt0LkLL9IMixoEgeaVrgVTlY03AroJUEGq9MmCS:jkwkn9IMHeaV8TmzroYaPCS
- AgentTesla
  Agent Tesla is a remote access tool (RAT) and information stealer written in .NET.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store (MITRE ATT&CK T1555.003).
- Looks up external IP address via web service
  Uses a legitimate public IP lookup service to discover the infected system's external IP address. The request itself is benign traffic; the signal is that an unexpected process makes it, commonly so that stolen data can be tagged with the victim's public IP.
- Suspicious use of SetThreadContext
  SetThreadContext called on a thread of another process is the step in process hollowing and thread hijacking that redirects execution into injected code. The report names the API but gives no further detail here.
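The three behavioural signatures above are what a sandbox derives from the sample's API trace. As an added illustration (example code written for this page, not Triage's engine and not Agent Tesla's code), the script below replays a constructed trace and re-derives all three, with the false-positive guards a practitioner would want: a browser reading its own credential store and a process rewriting one of its own thread contexts are not flagged. The IP-lookup watchlist, the credential-store path fragments, the browser allow-list, and every PID, path and host in the traces are assumptions for the example; the report does not say which lookup service or target process this sample used.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Assumed watchlist of public IP-echo services. These are real services, but
# the report does not say which one this sample contacted.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ipinfo.io", "ifconfig.me", "checkip.amazonaws.com",
}

# Assumed path fragments of browser credential stores:
# Chromium-family "Login Data", Firefox logins.json / key4.db.
BROWSER_CRED_STORES = ("\\login data", "\\logins.json", "\\key4.db")

# Assumed allow-list: processes expected to open their own credential stores.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# Signature names exactly as the report lists them.
SIG_CREDS = "Credentials from Password Stores: Credentials from Web Browsers"
SIG_IPLOOKUP = "Looks up external IP address via web service"
SIG_SETCTX = "Suspicious use of SetThreadContext"


def analyse(events):
    """Replay an API trace (list of dicts) and return {signature: [evidence]}."""
    hits = defaultdict(list)
    wrote_into = defaultdict(set)  # pid -> pids it has written memory into
    for ev in events:
        pid, proc, api = ev["pid"], ev["process"].lower(), ev["api"]
        target = ev.get("target_pid")
        if api == "WriteProcessMemory" and target not in (None, pid):
            wrote_into[pid].add(target)
        elif api == "SetThreadContext":
            # Rewriting a thread context in *another* process is the hollowing /
            # hijack pattern; doing so after writing into that process is the
            # strongest form. A process adjusting its own threads is ignored.
            if target not in (None, pid):
                hits[SIG_SETCTX].append({"pid": pid, "target_pid": target,
                                         "after_write": target in wrote_into[pid]})
        elif api in ("NtCreateFile", "CreateFileW", "CopyFileW"):
            path = ev.get("path", "").lower()
            if proc not in BROWSERS and any(f in path for f in BROWSER_CRED_STORES):
                hits[SIG_CREDS].append({"pid": pid, "path": ev["path"]})
        elif api in ("InternetOpenUrlA", "InternetOpenUrlW", "WinHttpConnect"):
            host = (urlparse(ev.get("url", "")).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits[SIG_IPLOOKUP].append({"pid": pid, "host": host})
    return dict(hits)


# Constructed trace in the shape the report's behaviours would produce.
# PIDs, the child name, the user path and the lookup host are invented.
SAMPLE_TRACE = [
    {"pid": 1234, "process": "YMLUI275163148 - BL.exe", "api": "CreateProcessW",
     "target_pid": 5678, "flags": "CREATE_SUSPENDED"},
    {"pid": 1234, "process": "YMLUI275163148 - BL.exe", "api": "WriteProcessMemory",
     "target_pid": 5678},
    {"pid": 1234, "process": "YMLUI275163148 - BL.exe", "api": "SetThreadContext",
     "target_pid": 5678},
    {"pid": 1234, "process": "YMLUI275163148 - BL.exe", "api": "ResumeThread",
     "target_pid": 5678},
    {"pid": 5678, "process": "child.exe", "api": "NtCreateFile",
     "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 5678, "process": "child.exe", "api": "InternetOpenUrlA",
     "url": "http://checkip.dyndns.org/"},
]

# Constructed benign activity that must not fire any of the three signatures.
BENIGN_TRACE = [
    {"pid": 900, "process": "chrome.exe", "api": "NtCreateFile",
     "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 901, "process": "app.exe", "api": "SetThreadContext", "target_pid": 901},
    {"pid": 901, "process": "app.exe", "api": "InternetOpenUrlA",
     "url": "https://example.com/update.json"},
]


if __name__ == "__main__":
    for name, hit_list in analyse(SAMPLE_TRACE).items():
        print(name)
        for evidence in hit_list:
            print("   ", evidence)
```

The credential-store check deliberately keys on the path rather than on the API, because Agent Tesla-class stealers reach the same files through several APIs (open, copy, or a direct read of the SQLite file); the allow-list is what keeps the browser's own normal activity out of the result.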