General
Target: 73d6645c5ef1d09778dbd071dcfeb129c44ba08448b6bb03018d3c99fff08c45
Size: 1.0MB
Sample: 240917-lp88pswflr
MD5: 1e880306ec36b5b7a50b813c43d6fbec
SHA1: 115c74916216be3c44e65eac2e337b81007bc006
SHA256: 73d6645c5ef1d09778dbd071dcfeb129c44ba08448b6bb03018d3c99fff08c45
SHA512: e29a8b70ac7a603f3bfc1a18368e31712d006fdb07409575fa9e02f2225c25f763e917034347de042e0cba8564549eef734ed0b96def670c9d17e8acc2ac60de
SSDEEP: 24576:kY7tC/D80olUcTaMAwtctTPIbaklxlZSrSfFRNGrXU1rXr:kYpi80olUcTaMAwL+2oOfFHGrs
Static task: static1
Behavioral task: behavioral1
  Sample: Product Data Specifications_PDF.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Product Data Specifications_PDF.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: Product Data Specifications_PDF.exe
Size: 1.4MB
MD5: 6910f19b8cee8c88b17ca66e8d4db121
SHA1: 94d9f9921e3b49c78f1efad12d0ab935eb32565b
SHA256: d2b9665a5de1b1972bf4c24deb8678fbcaa6f3dae53b6cd33614f31859dc3f62
SHA512: 913ad116052a0b4b9e8b9dab3bed13be830e51d3964da0b5cdea30d87b8cabcc04c5b389b2f9b31958bf7014b463d8b8a6d4eedc6961a4875ff02aab1d086752
SSDEEP: 24576:/RmJkcoQricOIQxiZY1iajD7nanYWbcvXrCbaCf5lZErWV7PzGPXeLrRH:UJZoQrbTFZY1iajXanYW9+qm6V7LGPS
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext