General
Target: PO#88224.rar
Size: 523KB
Sample: 220930-rl9mysefgj
MD5: f1e18bae2646e85cbc5c78d0005c34be
SHA1: f44b3f73b685c0840e388c79c1b8220bce8d5093
SHA256: 7e7fc6b71ce7f7dccba128722e4f32004a854253a736368dac4272584fedcc6d
SHA512: a0cf52daed013ba31fc940f707ae7d98b9c783555b7e2ad9d67051278758b75628cd2790dbbb58b7edb8946da1b8426f59e33dc78d86939ffb443017f88739f3
SSDEEP: 12288:8IZP3FXuO3KG95sDoEZQ60vqkATCVv2IHqoA9gUgKX8n7Dwy:RZNuO3KssjmvDATCV5LNK+7My
Static task: static1
Behavioral task: behavioral1
  Sample: PO#88224.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: PO#88224.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5662683474:AAFvSjyPXTiwhBPcFi8of3_-_FCdfhhN8x0/
Targets
Target: PO#88224.exe
Size: 781KB
MD5: 05963cbe736805e0168a5fb3d6e6ae6b
SHA1: 14dd852164396f3e05b6b3469263c497851f6f0c
SHA256: 61b7c784665ee5e76aec4437bfcf67378d075f26fbb3a0dcabce328b3778a8be
SHA512: 51b9207c2ccf5a6931660c623ed18a97c8a12ba0758ae891f54825114c0aa8a05ce70af42bcf8108e4835f7356e6a08d4b547d30a621cfcfb7d67ff38294fac0
SSDEEP: 12288:qdxsEH/ARUwqxwZNVls4QM8tOqO5c1UADqjJ5nl0+9MK:qwEoMYNbsKbc0jrZe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext