General
Target: 39b12628d654ed8688210e5a1d73b37aa2d1807ecafce9cdbfc8f8e4eee6a277
Size: 759KB
Sample: 240913-k4hhvsvgqm
MD5: ffa2bc436353b4c2d5cb71e6f82ceb99
SHA1: 93e6f60339ef77e6db850541f0b0fbba858f0df0
SHA256: 39b12628d654ed8688210e5a1d73b37aa2d1807ecafce9cdbfc8f8e4eee6a277
SHA512: 8c22e7b8bd0039d1022d6d37a659e3eafa4c1a5cc168961828b00a51961299842718e76db6cad3efedc865a4990463ad79bd99548ee3a0ee7e85db1b20b3226f
SSDEEP: 12288:y/qqYClilAXG4chRgTm9a1Rwoq8DJ1zEcXjgJVrlP/ubuVSwj3F6oAopspA0hnwX:OqFyG4+gTtPwHwJ1T8Fp/yerDpsrhnt4
Static task: static1

Behavioral task: behavioral1
Sample: 34686435161bf43bd4c33df68a733b72ac73c24e5cd1d8fa473a7f55c373ab70.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 34686435161bf43bd4c33df68a733b72ac73c24e5cd1d8fa473a7f55c373ab70.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 34686435161bf43bd4c33df68a733b72ac73c24e5cd1d8fa473a7f55c373ab70.exe
Size: 1.2MB
MD5: 7133ab55e31ea1b16b141a561d5c3b27
SHA1: f08bf25e27b467460a5fecfa421c0555d4c88616
SHA256: 34686435161bf43bd4c33df68a733b72ac73c24e5cd1d8fa473a7f55c373ab70
SHA512: 7d54f51c80f3e3ab3a1b86176d22c49241bfa0bd24b2ec81c38ad193c4491cd46dc55aedf410c5ce5b69fc634fb92966ac6dda4353dda146ac43f9072bcb9697
SSDEEP: 24576:C4lavt0LkLL9IMixoEgea6RyGw86lPCEYq9MmCS:1kwkn9IMHea6RRw8u69aPCS
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext