General
-
Target
21f82156dfa23d63ee3212c4bf0397f6c995e1872943dc38bf43392406be92d2
-
Size
1.2MB
-
Sample
241223-bkfqgstlan
-
MD5
85e56e01ad8da620baff69cf6fddc54c
-
SHA1
f4d9a5d05cd968e871e6104281a32472b268fb16
-
SHA256
21f82156dfa23d63ee3212c4bf0397f6c995e1872943dc38bf43392406be92d2
-
SHA512
135b406a52d848fd9dd245b40d8486fa143617e7d9e482cd7dcffe7b561656dd457b391c6fa2d61f0a248a8cf0a6fd84c382f227b10df5469d2618ba1e49dbb1
-
SSDEEP
24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8aYC11LueirOB95UM:ITvC/MTQYxsWR7aY6+rOB95
Static task
static1
Behavioral task
behavioral1
Sample
21f82156dfa23d63ee3212c4bf0397f6c995e1872943dc38bf43392406be92d2.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
21f82156dfa23d63ee3212c4bf0397f6c995e1872943dc38bf43392406be92d2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-