General
Target: e00bde5d0abc4ae4bcbc1e0d404a4a8c974f07b21c8272907916d14566143e9e
Size: 615KB
Sample: 221003-fzqlfsagep
MD5: 0764ee3a65e6baa7365e4128989a2471
SHA1: f666e7b624f8354a69ca99be097c3dd217e099a6
SHA256: e00bde5d0abc4ae4bcbc1e0d404a4a8c974f07b21c8272907916d14566143e9e
SHA512: 9593d13204f0355648872250da989535972508ad7842f6abc6099e779823fbfa62f88ddf2cdebecfa814c3abf412c7e2f0fcb3b326185dacdaafc0a3cfdc4341
SSDEEP: 12288:cUgbo6Fpwx6CyXFBRTQ3EI7/WyPByFJoTJQmXGl8vvNltVakFUCFSYTPyy:cUgboWuC7Q3p+kyF8GWXNh/FrPyy
Static task: static1
Behavioral task: behavioral1 (sample DRAFT.exe, resource win7-20220901-en)
Behavioral task: behavioral2 (sample DRAFT.exe, resource win10v2004-20220901-en)
Malware Config
Extracted: agenttesla
C2 (Telegram bot API, used for exfiltration): https://api.telegram.org/bot5662683474:AAFvSjyPXTiwhBPcFi8of3_-_FCdfhhN8x0/
The path carries the bot's numeric id and its secret token; the token is the attacker's credential for that bot and should be handled as sensitive, not republished in tickets or chat.
Targets
Target: DRAFT.exe
Size: 878KB
MD5: ff8a8ea782c1d84b939ffdad6ddd8b12
SHA1: 606646cab82790c56efcc0fba85e01eb7969928b
SHA256: 6cd12303f9534d9250e96502525aa2db583a1fb1f24db596672daa653cb8f553
SHA512: 23dff2652bcc8899ad3aca4227c23e9df9cb17778646570c3b6edb042d9653c4857eaad66b684a717d0f21d9023298e44ae41b12a1afe1ca89188981b4d432a1
SSDEEP: 12288:z/76j8k6j/ijuC6jFzR5Q3gIbpWyFBgFJoTJQWXYd8FvHltvukP:dkq8EPQ35gEgFQYOtHl
- AgentTesla: Agent Tesla is a .NET-based information stealer with remote-access (RAT) features, historically written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates over SMTP, FTP, HTTP or, as in this sample, the Telegram bot API.
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence so the payload stays dormant in regions the operator wants to avoid.
- Accesses Microsoft Outlook profiles: reads the registry profile keys where Outlook stores mail account settings and saved credentials; this is credential theft, not mail reading.
- Adds Run key to start application: persistence through a value under ...\Software\Microsoft\Windows\CurrentVersion\Run, which launches the binary at logon.
- Suspicious use of SetThreadContext: this call is the usual tell for process hollowing, where the unpacked payload is written into a suspended legitimate process and the thread's entry point is redirected into it, so the final stage runs under an innocuous process name.
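The following is an added example, not part of the sandbox report: it normalises the extracted Telegram C2 from the Malware Config section and runs simple detection logic for three of the signatures listed above (Telegram bot-API exfiltration, the Run-key persistence and the Outlook profile access) over constructed telemetry. The proxy log format and the registry event records are assumed shapes invented for the example; the registry paths are the standard Windows locations for Run entries and Outlook profiles, and the Geo\Nation value is one common place a country code is read from (the report does not say which value the sample queried).

```python
"""Triage helpers for the Agent Tesla report above (added example, not part of
the sandbox report)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Value copied from the report's Malware Config.
EXTRACTED_C2 = "https://api.telegram.org/bot5662683474:AAFvSjyPXTiwhBPcFi8of3_-_FCdfhhN8x0/"

# Telegram bot API path layout: /bot<numeric id>:<token>/<method>
BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]{30,})(?:/(?P<method>\w+))?")


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    token: str


def parse_telegram_c2(url: str) -> TelegramC2:
    """Split a Telegram bot-API URL into the numeric bot id and the secret token.
    Only the bot id is safe to share; the token is the attacker's credential."""
    parts = urlsplit(url)
    m = BOT_PATH.match(parts.path)
    if parts.hostname != "api.telegram.org" or m is None:
        raise ValueError("not a Telegram bot API URL")
    return TelegramC2(m["bot_id"], m["token"])


def find_telegram_exfil(proxy_lines, known: TelegramC2):
    """Scan proxy log lines ('<ts> <client> <method> <url> <status>', a constructed
    format) for bot-API traffic. The known token is a confirmed hit; any other bot
    token is still flagged, since stealer builds are reconfigured often."""
    hits = []
    for line in proxy_lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        client, url = fields[1], fields[3]
        parts = urlsplit(url)
        if parts.hostname != "api.telegram.org":
            continue
        m = BOT_PATH.match(parts.path)
        if m is None:
            continue
        severity = "confirmed" if m["token"] == known.token else "suspect"
        hits.append((client, m["bot_id"], m["method"] or "", severity))
    return hits


RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
OUTLOOK_PROFILES = re.compile(
    r"\\Software\\Microsoft\\(?:Office\\\d+\.\d+\\Outlook\\Profiles|"
    r"Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)  # one common location
USER_WRITABLE = re.compile(r"\\(?:AppData|Users\\[^\\]+\\Downloads|Temp)\\", re.I)


def find_registry_behaviour(events):
    """Match the report's registry signatures against constructed telemetry records
    {image, op ('set'|'query'), key, data}. Caveat: Sysmon event 13 only records
    value writes, so the Outlook profile and Geo *reads* need an EDR/ETW source."""
    findings = []
    for ev in events:
        image, key = ev["image"].lower(), ev["key"]
        if ev["op"] == "set" and RUN_KEY.search(key) and USER_WRITABLE.search(ev.get("data", "")):
            findings.append(("persistence_run_key", image, key))
        if ev["op"] == "query" and OUTLOOK_PROFILES.search(key) and not image.endswith("\\outlook.exe"):
            findings.append(("outlook_profile_access", image, key))
        if ev["op"] == "query" and GEO_KEY.search(key) and image.endswith("\\draft.exe"):
            findings.append(("geo_lookup", image, key))
    return findings


# Constructed sample telemetry (not from the sandbox run).
PROXY_LOG = [
    "2022-10-03T08:01:12Z 10.0.0.15 POST " + EXTRACTED_C2 + "sendDocument 200",
    "2022-10-03T08:01:13Z 10.0.0.15 GET https://www.microsoft.com/ 200",
    "2022-10-03T08:02:40Z 10.0.0.22 POST https://api.telegram.org/bot1234567890:AAHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/sendMessage 200",
]
SAMPLE_IMAGE = r"C:\Users\victim\AppData\Local\Temp\DRAFT.exe"
PROFILE_KEY = r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"
REGISTRY_EVENTS = [
    {"image": SAMPLE_IMAGE, "op": "query", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"image": SAMPLE_IMAGE, "op": "query", "key": PROFILE_KEY},
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "op": "query", "key": PROFILE_KEY},
    {"image": SAMPLE_IMAGE, "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\DRAFT",
     "data": r"C:\Users\victim\AppData\Roaming\DRAFT.exe"},
]

if __name__ == "__main__":
    c2 = parse_telegram_c2(EXTRACTED_C2)
    print("bot id:", c2.bot_id, "token length:", len(c2.token))
    for hit in find_telegram_exfil(PROXY_LOG, c2):
        print("telegram:", hit)
    for finding in find_registry_behaviour(REGISTRY_EVENTS):
        print("registry:", finding)
```

The Outlook rule excludes OUTLOOK.EXE itself because the client legitimately reads its own profile keys; the Run-key rule only fires when the launched path is user-writable, which is where a dropped stealer lives and where legitimate installers rarely register. Hunt the SHA256 values from the report in parallel; the behavioural rules above catch rebuilt samples that the hashes will miss.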