General
-
Target
ff5e3bb8f76eae7317ad5ff1b46b04f4ac3a9c9437c7b983e6a8889c6d96ea56N.exe
-
Size
35KB
-
Sample
241225-vdkkmszkaj
-
MD5
9ae685efdf4a33b7b452d74c14e033a0
-
SHA1
65a624966c7c3829a845a6646d7453b06d7d5618
-
SHA256
ff5e3bb8f76eae7317ad5ff1b46b04f4ac3a9c9437c7b983e6a8889c6d96ea56
-
SHA512
fd9106bd7c84bb7a8421fb9561dfebeed235582662cffd6c5ec0347c9a3653671e6795e84a18e86b834aeb3bd127ab84cf83054d3c36b74c7e98f61d88b5d8d7
-
SSDEEP
384:XZirz04kYcm5oRVPUn30CDG1iZMJSalHXeqZhsWIgDWsjxZUtO4f54A:Mi+5uVPUn30gGEZQH5SAXJ4f54A
Behavioral task
behavioral1
Sample
ff5e3bb8f76eae7317ad5ff1b46b04f4ac3a9c9437c7b983e6a8889c6d96ea56N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ff5e3bb8f76eae7317ad5ff1b46b04f4ac3a9c9437c7b983e6a8889c6d96ea56N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
ff5e3bb8f76eae7317ad5ff1b46b04f4ac3a9c9437c7b983e6a8889c6d96ea56N.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Agenttesla family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Adds Run key to start application
-