General
-
Target
0fb24af7451beccd52e3e128ad7289a211a94cdd229e6bc77aa6d9a862ee7a81
-
Size
338KB
-
Sample
241123-chhbza1mhn
-
MD5
f96ea93b72fdfc1fd6ece452d9878e61
-
SHA1
f6bafd201d5ca3fd0292ee97a96a4b30cbb9a5bb
-
SHA256
0fb24af7451beccd52e3e128ad7289a211a94cdd229e6bc77aa6d9a862ee7a81
-
SHA512
ced412eec8b1e0d4667bc1ca2d583f9c0d10666256dfec8823bfee4ddddef68bce069894ab1c8ccecb6a7833c450de5ef1759d16393d14ef9fb2604a8b3b46eb
-
SSDEEP
6144:GBlL/HO9V9T1HKlyBtCv1KIhxSVabyXOylMYZ7Q/q:EtQF1H0yB01L3Yau+7YVgq
Malware Config
Targets
-
-
Target
0fb24af7451beccd52e3e128ad7289a211a94cdd229e6bc77aa6d9a862ee7a81
-
Size
338KB
-
MD5
f96ea93b72fdfc1fd6ece452d9878e61
-
SHA1
f6bafd201d5ca3fd0292ee97a96a4b30cbb9a5bb
-
SHA256
0fb24af7451beccd52e3e128ad7289a211a94cdd229e6bc77aa6d9a862ee7a81
-
SHA512
ced412eec8b1e0d4667bc1ca2d583f9c0d10666256dfec8823bfee4ddddef68bce069894ab1c8ccecb6a7833c450de5ef1759d16393d14ef9fb2604a8b3b46eb
-
SSDEEP
6144:GBlL/HO9V9T1HKlyBtCv1KIhxSVabyXOylMYZ7Q/q:EtQF1H0yB01L3Yau+7YVgq
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/kivlxw.dll
-
Size
20KB
-
MD5
575dc70fae96e23a93aef3ebfdfb525b
-
SHA1
7589bbf471165323d4c0e92b8be101d95cbbeb2f
-
SHA256
bc3cc067575a5ec3bd8fb5d1329b6f32586fd09f038fc5fafac92c2da081711e
-
SHA512
e385b8286ffeab6252e6b99a1434b9c7526edf128e6558718add8edf0b60e24a9fc82aee34986fb517907ac966dbe7847d0115b53357f49d43c46acd1dc0a334
-
SSDEEP
384:2wUx0iyAIXYjOt8coEzHz+L8VJa9/zMJqkaVojM:2wUx0iyAIoKDzHzL4MJqkKo
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-