General
-
Target
1b5231db9ecf854eff2ac1709f121a6c26c263e4b7975674c61bf6de705227a3
-
Size
858KB
-
Sample
240701-bfjlksvbrq
-
MD5
ab816e184fb037214548c813795ede45
-
SHA1
19ee539d547e67119f0314a261c7220bf5a8399f
-
SHA256
1b5231db9ecf854eff2ac1709f121a6c26c263e4b7975674c61bf6de705227a3
-
SHA512
70464e04a7c6777836c35354b5e28ea3fa41adbb498d268756d42b341752962fb055769302cc17cc38ea1c19c053dda0c9f8b3fb469fdfb7993802d2f875a933
-
SSDEEP
24576:/EN973phvt8tmUdkw1xG8fFjGMaOnO+pwFL9N09PPP:/EN973PvEL2wHBODLcPX
Behavioral task
behavioral1
Sample
1b5231db9ecf854eff2ac1709f121a6c26c263e4b7975674c61bf6de705227a3.exe
Resource
win7-20240508-en
Malware Config
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-