General
-
Target
cb9ee01af339913452877ef2e8b5740836c7b56e3807ecea1b0ccacb61e7fbd5
-
Size
1.2MB
-
Sample
241016-zpyc4awbnr
-
MD5
a3edde17d6cc8f601236f34949de23f0
-
SHA1
c5e13b3991a5aa8ef52e3ca586dd5c001ebd5b8c
-
SHA256
cb9ee01af339913452877ef2e8b5740836c7b56e3807ecea1b0ccacb61e7fbd5
-
SHA512
e3d09b87a9bccff037d1af5ac550712c44a344f92c1b127eae95c03748cda35ab7fa931f158323b2dc0ac8b14a8e4097b8e864dbdd3f8129131d7dd24d535c01
-
SSDEEP
24576:xAHnh+eWsN3skA4RV1Hom2KXMmHag3PDQBQSKbbTgzMGgA5:Ih+ZkldoPK8Yag/yQfgzMGT
Malware Config
Targets
-
-
Target
cb9ee01af339913452877ef2e8b5740836c7b56e3807ecea1b0ccacb61e7fbd5
-
Size
1.2MB
-
MD5
a3edde17d6cc8f601236f34949de23f0
-
SHA1
c5e13b3991a5aa8ef52e3ca586dd5c001ebd5b8c
-
SHA256
cb9ee01af339913452877ef2e8b5740836c7b56e3807ecea1b0ccacb61e7fbd5
-
SHA512
e3d09b87a9bccff037d1af5ac550712c44a344f92c1b127eae95c03748cda35ab7fa931f158323b2dc0ac8b14a8e4097b8e864dbdd3f8129131d7dd24d535c01
-
SSDEEP
24576:xAHnh+eWsN3skA4RV1Hom2KXMmHag3PDQBQSKbbTgzMGgA5:Ih+ZkldoPK8Yag/yQfgzMGT
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-