General
- Target: 3f052dcdd51d6e08fd7cc2bf9e60516120f66b241d6deb5f91c1669f554bbb26
- Size: 279KB
- Sample: 220308-lmtegafhfk
- MD5: 385a9512ddecd69116dfa97bf7e6be06
- SHA1: f7ec0e9b790b42c5a1b094460879674af1c65806
- SHA256: 3f052dcdd51d6e08fd7cc2bf9e60516120f66b241d6deb5f91c1669f554bbb26
- SHA512: 8490ebdf4466b98f189ef4a2092ec68534013dea1fa71f34577d0d93c5f9e5d317b6eec4f9de6de4f68a8af98b45e72f007646dc64417f7c6b7ab77f69af4ac6
Static task: static1
Behavioral task: behavioral1
- Sample: 3f052dcdd51d6e08fd7cc2bf9e60516120f66b241d6deb5f91c1669f554bbb26.exe
- Resource: win10-20220223-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5013020608:AAFu_btAZRcQ9V-SvEIxL9rCbb_x1A-9IJo/sendDocument
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks QEMU agent file: checks for the presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext