General
- Target: 21102024_1616_21102024_IMP1573.tar
- Size: 898KB
- Sample: 241021-tq8ybsyeme
- MD5: cd0dc0866418282b5d752426070e9e54
- SHA1: 2a36d38e17c342e9dfa2416b3f83f1c4a006d497
- SHA256: dc3e57f15f9b5b344fd377a6c9bb48f1b8be1c6ea8f19927a3f11b1acfe91f05
- SHA512: 6469bfaefa9014e6edd8d581d6213fa02d15506086318fa209dc8e489237dc247ec25f865884a6b17de40a4a6501240a28e58379f2f2e7a6bfcdabcb3b28aae5
- SSDEEP: 24576:SQE7NFqah7SWDEEqMPr5Q8ZPLHxcNiVkOApkt:kNFFeWT9tdBkOH
Static task
- static1

Behavioral task
- behavioral1
- Sample: IMP1573.exe
- Resource: win7-20240903-en
Malware Config

Targets
- Target: IMP1573.exe
- Size: 1.2MB
- MD5: 694e2741ef8bcff53daebbd952eca657
- SHA1: 84941bfd773a8b90c7964146cc190183bd3f05cd
- SHA256: d46af2ac469d8dbf11b13e79c6a2090471d4a81aa3f950ace8c94c3999fbfe97
- SHA512: 86c631ede94a65903b6a6ec540b9608cb7d33a6a87fb6415d27109e5a822fef3610121d5b347d1384519e062a2895f9b95aa86b29ed3fcd6ed0af99793ad7911
- SSDEEP: 24576:ffmMv6Ckr7Mny5QLd7pyQxoXp5+8pXlDwBYCSVSDLra/9:f3v+7/5QLVpvxEX10BYPS3ra/9
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext