General
Target: c277827a2afe5d23f11448d75291342c.exe
Size: 513KB
Sample: 210727-w42rl6kbhs
MD5: c277827a2afe5d23f11448d75291342c
SHA1: 84528fcebd7c5dd3b118dad30bbb3ee30566f98e
SHA256: be98f101070d1ef350f5d1768e640f5f23b047f890fde74495e49b9f6fa4d00b
SHA512: eadd268f6e0932fcb70be92a55d7af04811943c655ea9abb464f6358fe36f7f34b38d2ee29ec2a36c890987cdbc1f1b694d358f488b1d274d64f3924d957e156
Static task: static1
Behavioral task: behavioral1 (sample c277827a2afe5d23f11448d75291342c.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample c277827a2afe5d23f11448d75291342c.exe, resource win10v20210408)
Malware Config
Extracted: agenttesla
C2: https://api.telegram.org/bot1805574870:AAHXBVpTNJET3oRosoa2brFL9_G19NkXu8I/sendDocument
The endpoint is the Telegram Bot API: the path segment after "bot" is the operator's bot ID and token, and sendDocument is the method that uploads a file to a chat, which is how this build ships the data it harvests. The token is the operator's credential for that bot, so it is a high-confidence network indicator for this campaign. Any other Bot API token seen from a workstation process still deserves review, since legitimate Telegram clients talk MTProto to Telegram's data centres rather than calling this API.
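The following is an added example, not code from the sandbox report, its signature engine or Agent Tesla itself. It turns the extracted C2 value above into detection logic: it parses the Bot API URL into bot ID, token and method, then runs over proxy log lines. The log format (timestamp, client IP, process, verb, URL, status) and every line in SAMPLE_PROXY_LOG are constructed for the demonstration; the second bot token is a placeholder, not a real one. Hits are tiered so that the exact extracted token (this campaign) is separated from any other Bot API traffic (rebuilt samples or other families using the same channel).

```python
"""Detection for Telegram Bot API exfiltration, seeded from the extracted
Agent Tesla config. Added example; not code from the report or the malware.
EXTRACTED_C2 is the value listed under Malware Config. The proxy log format
and the lines in SAMPLE_PROXY_LOG are constructed for this demonstration."""
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

EXTRACTED_C2 = (
    "https://api.telegram.org/bot1805574870:"
    "AAHXBVpTNJET3oRosoa2brFL9_G19NkXu8I/sendDocument"
)

# Bot API path layout: /bot<bot_id>:<token>/<method>. Official Telegram
# clients speak MTProto to the DCs, so a workstation process calling this
# path is a bot (or malware driving one) whichever token it holds.
BOT_API_RE = re.compile(
    r"/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]{30,})/(?P<method>\w+)"
)

PLACEHOLDER_TOKEN = "Z" * 35  # constructed; stands in for an unrelated bot

# Constructed proxy log: "<ts> <client> <process> <verb> <url> <status>".
SAMPLE_PROXY_LOG = f"""\
2021-07-27T10:41:02Z 10.0.0.15 c277827a2afe5d23f11448d75291342c.exe POST {EXTRACTED_C2} 200
2021-07-27T10:41:05Z 10.0.0.15 Telegram.exe CONNECT https://149.154.167.51:443 200
2021-07-27T10:41:09Z 10.0.0.22 chrome.exe GET https://web.telegram.org/ 200
2021-07-27T10:41:30Z 10.0.0.31 svchost.exe POST https://api.telegram.org/bot5555555555:{PLACEHOLDER_TOKEN}/sendMessage 200
"""


def parse_bot_api_url(url: str) -> Optional[Dict[str, str]]:
    """Return host, bot_id, token and method for a Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_API_RE.search(parts.path)
    if m is None:
        return None
    return {"host": parts.hostname, **m.groupdict()}


def find_bot_api_exfil(log_text: str, known_c2: str = EXTRACTED_C2) -> List[Dict[str, str]]:
    """Flag log lines that call the Bot API.

    tier 'known_c2': the exact token from the extracted config (this campaign)
    tier 'generic':  any other Bot API token (rebuilt samples, other families)
    """
    known = parse_bot_api_url(known_c2)
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # not in the constructed format
        ts, client, process, verb, url, _status = fields
        info = parse_bot_api_url(url)
        if info is None:
            continue
        tier = "known_c2" if known and info["token"] == known["token"] else "generic"
        hits.append({"ts": ts, "client": client, "process": process, "verb": verb,
                     "bot_id": info["bot_id"], "method": info["method"], "tier": tier})
    return hits


if __name__ == "__main__":
    for hit in find_bot_api_exfil(SAMPLE_PROXY_LOG):
        print(hit)
```

Matching on the token rather than the whole URL is deliberate: the same bot serves sendDocument, sendMessage and getUpdates, and a rebuilt sample may switch method while keeping the operator's token. The generic tier is the one to keep after this campaign's token is burned.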
Targets
Target: c277827a2afe5d23f11448d75291342c.exe
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), typically compiled from VB.NET or C#. It harvests saved credentials, keystrokes and screenshots and exfiltrates them over SMTP, FTP, an HTTP panel or, as configured in this sample, the Telegram Bot API.
AgentTesla Payload: the family signature matched on the payload the sample carries.
Adds Run key to start application: a value was written under a ...\CurrentVersion\Run key so the binary is launched again at logon (persistence, ATT&CK T1547.001).
Suspicious use of SetThreadContext: the sample called SetThreadContext on a thread it did not own. Preceded by a process created with CREATE_SUSPENDED and WriteProcessMemory into it, and followed by ResumeThread, this is the process-hollowing chain (ATT&CK T1055.012); the API call on its own is also used by debuggers and exception handling, so confirm the full sequence in the API trace before calling it injection.
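The two behavioural signatures above are easiest to reason about against an API-call trace, so here is an added example, not code from the sandbox report or its signature engine, that scores one. The trace format (pid|api|key=value,...|return) and every line of SAMPLE_TRACE are constructed for this demonstration; the pids, addresses, image path and the Run-key value name are hypothetical and not values observed for this sample. It shows why SetThreadContext is flagged only as "suspicious": the detector requires the suspended-create, write, context-switch sequence on the same child before reporting hollowing, and the lone SetThreadContext from pid 2012 is left alone.

```python
"""Score an API-call trace for the report's two behavioural signatures:
Run-key persistence (T1547.001) and SetThreadContext-based process hollowing
(T1055.012). Added example; not from the sandbox or its signature engine.
Trace format and all SAMPLE_TRACE lines are constructed; pids, handles,
paths and the Run-key value are hypothetical."""
import re
from typing import Dict, List

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit from the Windows headers

# Matches HKLM/HKCU ...\CurrentVersion\Run and RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Constructed trace: "<pid>|<api>|<key=value,...>|<return>".
SAMPLE_TRACE = r"""
1588|CreateProcessW|image=C:\Users\Admin\AppData\Local\Temp\host.exe,flags=0x4,child_pid=1724|1
1588|NtUnmapViewOfSection|target_pid=1724,base=0x400000|0
1588|WriteProcessMemory|target_pid=1724,base=0x400000,size=0x7e000|1
1588|SetThreadContext|target_pid=1724,eip=0x4b1a2c|1
1588|ResumeThread|target_pid=1724|0
1724|RegSetValueExW|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run,value=updater,data=C:\Users\Admin\AppData\Roaming\updater.exe|0
2012|SetThreadContext|target_pid=2012,eip=0x77a51234|1
2012|RegSetValueExW|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer,value=ShellState,data=0x1|0
"""


def parse_trace(text: str) -> List[dict]:
    """Split each trace line into pid, api, argument dict and return value."""
    events = []
    for line in text.strip().splitlines():
        pid, api, args, ret = line.split("|", 3)
        kv = dict(a.split("=", 1) for a in args.split(",") if "=" in a)
        events.append({"pid": int(pid), "api": api, "args": kv, "ret": ret})
    return events


def detect_hollowing(events: List[dict]) -> List[dict]:
    """Report a parent that creates a suspended child, writes into it and
    redirects a thread with SetThreadContext. Each step must target the same
    child and come from the parent that created it; a process calling
    SetThreadContext on itself never enters this state machine."""
    children: Dict[int, dict] = {}
    for ev in events:
        a = ev["args"]
        if ev["api"] == "CreateProcessW" and int(a.get("flags", "0"), 16) & CREATE_SUSPENDED:
            children[int(a["child_pid"])] = {"parent": ev["pid"], "written": False,
                                             "context": False, "resumed": False}
            continue
        target = a.get("target_pid")
        if target is None or int(target) not in children:
            continue
        st = children[int(target)]
        if ev["pid"] != st["parent"]:
            continue
        if ev["api"] == "WriteProcessMemory":
            st["written"] = True
        elif ev["api"] == "SetThreadContext":
            st["context"] = True
        elif ev["api"] == "ResumeThread":
            st["resumed"] = True
    return [{"parent": st["parent"], "child": child, "resumed": st["resumed"]}
            for child, st in children.items() if st["written"] and st["context"]]


def detect_run_key(events: List[dict]) -> List[dict]:
    """Report RegSetValueEx calls whose key is a Run or RunOnce key."""
    hits = []
    for ev in events:
        if ev["api"] != "RegSetValueExW":
            continue
        key = ev["args"].get("key", "")
        if RUN_KEY_RE.search(key):
            hits.append({"pid": ev["pid"], "key": key,
                         "value": ev["args"].get("value"), "data": ev["args"].get("data")})
    return hits


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    print("hollowing:", detect_hollowing(evs))
    print("run key:  ", detect_run_key(evs))
```

In the constructed trace the Run key is written by the hollowed child (pid 1724), not the original parent, which is the usual shape for this family: the persistence artifact points at the injected code's host, so when hunting on a live box correlate the registry write back to the parent that performed the injection.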