General
- Target: b1bcf5e927501287b97882cea985d7b93ec77363dac49bf83d1c0c8de2deaa78
- Size: 923KB
- Sample: 241116-bhbczszqcr
- MD5: a5411f12c84838786028261b05610756
- SHA1: 4a7d38dd42e1f7321a343f777856d0879c1f3163
- SHA256: b1bcf5e927501287b97882cea985d7b93ec77363dac49bf83d1c0c8de2deaa78
- SHA512: bc25260522d48624d8bae01807c64b7f2fb092f0b7fb483d15e2688f478fcdeaba93d686e197498e9f489db6a956c748e626361502054674ad072b8dbe6af087
- SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCvt06cNDWceWA2T:7JZoQrbTFZY1iaCF06cgcX
Static task: static1
Behavioral task: behavioral1
- Sample: b1bcf5e927501287b97882cea985d7b93ec77363dac49bf83d1c0c8de2deaa78.exe
- Resource: win7-20240729-en
Malware Config
Targets
- Target: b1bcf5e927501287b97882cea985d7b93ec77363dac49bf83d1c0c8de2deaa78
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Agenttesla family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext