General
Target: payment advice 04.06.2024.r10.rar
Size: 653KB
Sample: 240705-h9ja8svark
MD5: e1951a22ad80f01ab5cf33c1d78bdd04
SHA1: 3cf012bdda88cda41e30215956a7b12684aedeb4
SHA256: b4a16aa8a75103a7740dc1cfaf67fa5accaee9e2e69b092e217e683befed16ff
SHA512: 64757db7480e5cd39704bdd024ba9655c0c078172f77d8491a2c0ccbe168c3f4baab94191ac25435d2d30391b3fb971b80816ec1b88cfdab4fe6e8e97b35d607
SSDEEP: 12288:a4JPsgbA2lMzp8RVOlAGaLBiUchMS3f/0Wz5N02xKa+AMI+TwfhiqQSQqOul:5J0gb1lMyOlAGaLpEj5z5N06KlI+Twfd
Static task: static1

Behavioral task: behavioral1
  Sample: XX(1).exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: XX(1).exe
  Resource: win10v2004-20240508-en
Malware Config

Targets
Target: XX(1).exe
Size: 1.1MB
MD5: ceee05227b74e5a1e6d89f3b1cdfd24b
SHA1: 7c7038b477f3d68226abf7eb1f8b4e9b9cfae331
SHA256: 0f30bd5220de4c7fb2d426a392b5fcdbf1062b33a65761cb2af0d4732a2b2c2e
SHA512: 931eed40bcb985de50c631f1b2565edf4bcdc78d56d9e2b31c608a634367c227325152dc4644d498924bcc09d5a11f3ace19193b9d1ea4aa897747f2b073a4c9
SSDEEP: 24576:WAHnh+eWsN3skA4RV1Hom2KXMmHabDXVNuE25:xh+ZkldoPK8YabD3A
Score: 10/10

Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext