General
-
Target
e81efea1ee8a5db71fd76af8c8acb4aa734f8a5f5e933ed67f3bee470820dc67
-
Size
858KB
-
Sample
240701-bc6xps1eje
-
MD5
42cf5b6a353e075197a827020924854a
-
SHA1
08daf826ddfa2f5f0a611968bc98e8ba7f01016a
-
SHA256
e81efea1ee8a5db71fd76af8c8acb4aa734f8a5f5e933ed67f3bee470820dc67
-
SHA512
825bbae160277fb57cdf00d5d206265c6206552d748ff8b9e9c3a9ed4dea974ab79963f038ee1024b587b1d5fde0e767587009063917da4dc7b61b6e6deee72e
-
SSDEEP
24576:/EN973phvt8tmUdkw1xG8fFjGMaOnO+pwFL9N09PPb:/EN973PvEL2wHBODLcPj
Behavioral task
behavioral1
Sample
e81efea1ee8a5db71fd76af8c8acb4aa734f8a5f5e933ed67f3bee470820dc67.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
e81efea1ee8a5db71fd76af8c8acb4aa734f8a5f5e933ed67f3bee470820dc67
-
Size
858KB
-
MD5
42cf5b6a353e075197a827020924854a
-
SHA1
08daf826ddfa2f5f0a611968bc98e8ba7f01016a
-
SHA256
e81efea1ee8a5db71fd76af8c8acb4aa734f8a5f5e933ed67f3bee470820dc67
-
SHA512
825bbae160277fb57cdf00d5d206265c6206552d748ff8b9e9c3a9ed4dea974ab79963f038ee1024b587b1d5fde0e767587009063917da4dc7b61b6e6deee72e
-
SSDEEP
24576:/EN973phvt8tmUdkw1xG8fFjGMaOnO+pwFL9N09PPb:/EN973PvEL2wHBODLcPj
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-