General
-
Target
b54b494944a8b5268e3d3190c5a45af28afdada7eb0fc85fece3c22e2d31b3f1
-
Size
1.5MB
-
Sample
240701-wm5gvavhkl
-
MD5
7d50650cd2ba63482d4caf875ae65a8e
-
SHA1
037e5a7f82d5c436f744e5b7475f6264c32e6519
-
SHA256
b54b494944a8b5268e3d3190c5a45af28afdada7eb0fc85fece3c22e2d31b3f1
-
SHA512
cc245b8725f43a80a80e25ed3b266293592abda1f451cf80b30b42f90cac4b1898200673b2c87b58c0bcb022d4eb1bfa7a4cbc6ab2f46a3f6ec113842c7fcbb7
-
SSDEEP
24576:kAHnh+eWsN3skA4RV1Hom2KXMmHa5rS/G23VGNGfi8mBLWUK5:zh+ZkldoPK8Ya5+/x3VGNJZy
Static task
static1
Behavioral task
behavioral1
Sample
b54b494944a8b5268e3d3190c5a45af28afdada7eb0fc85fece3c22e2d31b3f1.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
b54b494944a8b5268e3d3190c5a45af28afdada7eb0fc85fece3c22e2d31b3f1.exe
Resource
win11-20240508-en
Malware Config
Targets
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-