General
Target: 4b575e669f390ab39c082e6d8133708b
Size: 1.2MB
Sample: 211207-p4mj2acbc6
MD5: 4b575e669f390ab39c082e6d8133708b
SHA1: 761d75179627f35dbda43fdb6e2d83a3fbd8ec97
SHA256: 9cd6d23182be8c80adb829e2166460ae654c1fb32a23ad25d56f1aa33bffc728
SHA512: 00517d8cbd98072d09de893bec9329feeeee29f465ab74272a63232056a5e48cbba969b76d943ccb7617e5aba3bfeea631a012bd8296f0d3a191d86cafe6039e
Static task: static1
Behavioral task: behavioral1
Sample: 4b575e669f390ab39c082e6d8133708b.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 4b575e669f390ab39c082e6d8133708b.exe
Resource: win10-en-20211104
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5001070930:AAGS6zcnpfl-Q3wAAaVHDGdca4bVokv7sYg/sendDocument
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext