General
- Target: dbcc41789293775c90032d6b77686f0a572dbfe0b0a7932a70b8fb7e9b76c94a
- Size: 858KB
- Sample: 240629-bdk2mazfkk
- MD5: 75bffd64a4e5d3f3018caf79fdaf3fda
- SHA1: f1521c653bb6207008ca82909102036f46325106
- SHA256: dbcc41789293775c90032d6b77686f0a572dbfe0b0a7932a70b8fb7e9b76c94a
- SHA512: ef9f8b2602f17c52bae9ad5f78322078b1f07800f7da9bac1e6e28358eafa6f58d37a4777d61bc131b580e45a44ea2a01211260ab22fa9363c15d98dc0bfbd3d
- SSDEEP: 24576:/EN973phvt8tmUdkw1xG8fFjGMaOnO+pwFL9N09PPU:/EN973PvEL2wHBODLcPs
Behavioral task: behavioral1
- Sample: dbcc41789293775c90032d6b77686f0a572dbfe0b0a7932a70b8fb7e9b76c94a.exe
- Resource: win7-20240611-en
Malware Config
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext