General
-
Target
01072024_1104_01072024_Rechnung.rar
-
Size
697KB
-
Sample
240701-m6j6ksxgrd
-
MD5
c454720b18c5b2e38a53d496dcee2f95
-
SHA1
e432e35b4f102f665695361a9e82cd6a8eb7eadc
-
SHA256
a071b2fe3a0f6a0298f93fd317b156a2a849163dcd899d074454ff8c1c64f215
-
SHA512
769d4c14abb2d6528148cbc65d187fea9820467baa90ff1cb8b8e84a0a18a104f33e035bcf9076ebddfa2914b04292461fbb03166b4e9e402b0f2de75a7e62d6
-
SSDEEP
12288:Zeo/x/hOyH6Me6H29GxNlObcbJXr8TzWKaPdnGuwtARnigBHJF2dJJqy:Zh/qrn6H2cLlwctuzWKudwtAJigBH72D
Static task
static1
Behavioral task
behavioral1
Sample
Rechnung.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Rechnung.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
Rechnung.exe
-
Size
1.2MB
-
MD5
68d578e65d29914850f73fd7b74b6eb9
-
SHA1
e3acde3f3f4c54a92c5ac26c5a2c821fee8c9afa
-
SHA256
a6626f2d5d6338a226e5a11da7aa5a67035f8783f54aa1b8b72adf8d7d1a06c2
-
SHA512
a774a305e72c25df6787026fa4c899190375fc07623f5fbc900dc24719f10962904b969cfea4482f19019e6ebfba0bb4b6df9db2e55fcc1caa14d57b64271a6c
-
SSDEEP
24576:WAHnh+eWsN3skA4RV1Hom2KXMmHa4AvYH17u/Y0i5:xh+ZkldoPK8Ya4Av6KYN
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-