General
Target: 2553f424ecb8f9a07e4d4fd110adadcf.exe
Size: 461KB
Sample: 210727-jzanj72m6s
MD5: 2553f424ecb8f9a07e4d4fd110adadcf
SHA1: c82344a66717312df4ce2f126c5912b98b1003db
SHA256: 49410b049129225af89fba012073e14ad171e27924af79e0d79bb60191e81f33
SHA512: 60df84c8bd26370970329f9de3e181fbf4ca84d5e1a2584a9ea19c49f253c55316f0a90b33a6c7b118bd59d2b00ef073aaeb605c9ea6ccf6043f4c6f8ef87f2a
Static task: static1
Behavioral task: behavioral1
Sample: 2553f424ecb8f9a07e4d4fd110adadcf.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 2553f424ecb8f9a07e4d4fd110adadcf.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1846829589:AAHSsEDTKvDOQ17YrNRY5_FXv5z4mpfGRIc/sendDocument
Targets
Target: 2553f424ecb8f9a07e4d4fd110adadcf.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext