General
- Target: Ref. #EXQ-21-2911 zip 325637.rar
- Size: 356KB
- Sample: 211202-qdmyjsbgf9
- MD5: 96aa7d8e0cfb11061c4737b9ee9f7650
- SHA1: 9b39c5c8761d8033389e861eb92a9d04ed502daf
- SHA256: 879025f0c18c9b9f6ccd40c7cb080d9c1f1832a1a3e33ad4248f636ade5f5c06
- SHA512: a68027c9c846c2552f9c5918bcdbb582ca6c077bffa2229f64137c2676e3746aa6e5c55882acb161d7c5a2f63ab078e48b148029fdba4c8e9c00e9271690a14f
Static task
- static1

Behavioral task
- behavioral1
- Sample: Ref. #EXQ-21-2911 zip 325637.exe
- Resource: win7-en-20211104

Behavioral task
- behavioral2
- Sample: Ref. #EXQ-21-2911 zip 325637.exe
- Resource: win10-en-20211104
Malware Config
- Extracted: agenttesla
- https://api.telegram.org/bot2142399843:AAEIp_i4m3MsSw_cMxsjWVR6wiMUP2LDrvg/sendDocument
Targets
- Target: Ref. #EXQ-21-2911 zip 325637.exe
- Size: 371KB
- MD5: ece9b6b1f88aee486ce02418c53a1b17
- SHA1: 1e489c4d332257712d95ba2d6ff93329962c46bd
- SHA256: 70c4072f4f52adc69c331fa7cf5d22bef0da2661a4d2d9b3efe18dd19c8388a2
- SHA512: 63e97fc74d7d9088bc9ad9b9d458455c5f7949bfb44efb344590968b09a7d77f3b6ef58f56ad8d65092aaff5098a20125b3be7646739ea547c84234269b9d8a6
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext