General
- Target: Loader.exe
- Size: 1.6MB
- Sample: 240628-1czk3asfjh
- MD5: 53a8f7fcd91f5fe3dd76e22d83709d51
- SHA1: 9b2c1bdb6d02dc807dcf0185649e9e790ac8226c
- SHA256: 469796c41aa2ac6c574582a7894179a7f727cc3b7e78a512acf5ce2d2b82f80f
- SHA512: 910e0d9604583e9f0e1c96962a1988b8b0861031f40a38b3dc48440e8e9680513d9cf4734bb16cac0507087ee41a058bcdce2d7fe4dd1cffd937496e42507daa
- SSDEEP: 49152:dKTewD+uWhJbH2nHqtp/oNbm0RNzXrgCW5wpKn:dKTt+uAdWnHqtONbm0TbgCWCon
Static task: static1
Behavioral task: behavioral1
- Sample: Loader.exe
- Resource: win10-20240404-en
Malware Config
Targets
- Target: Loader.exe (size, hashes and SSDEEP are identical to those listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Hide Artifacts: Hidden Window: windows that would typically be displayed when an application carries out an operation can be hidden.
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command line is typically used to evade detection.