General
- Target: 3f15ee0396f43e1b8d107bb26d820ec3e01502f8db659294ba0db483b719a5ee
- Size: 264KB
- Sample: 240428-bf4azsce38
- MD5: b0238e86a573cabec9f5f57db01fd3f6
- SHA1: 020bd66397186c876f81a01e7b5511bb09fef981
- SHA256: 3f15ee0396f43e1b8d107bb26d820ec3e01502f8db659294ba0db483b719a5ee
- SHA512: 1156a455f96dfcd47c9320880297989312f7d6b0c6a3f2446333c6c4796d03c46eea671c454538d4428466c0e2ac7a71db76b201988164167e3d28751dae091d
- SSDEEP: 3072:+qqaM97eOTPiK3DruiiF/XbKjPQ18lyiQBWqmj6MILxyq3CIH4KBtDXq5N7B5Cum:9CteODDmzK1yimMIFh6FksKBMHbVRMlp
Behavioral task: behavioral1
- Sample: 3f15ee0396f43e1b8d107bb26d820ec3e01502f8db659294ba0db483b719a5ee.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 3f15ee0396f43e1b8d107bb26d820ec3e01502f8db659294ba0db483b719a5ee.exe
- Resource: win10v2004-20240419-en
Malware Config
- Extracted: agenttesla
- https://api.telegram.org/bot5662683474:AAFvSjyPXTiwhBPcFi8of3_-_FCdfhhN8x0/
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.