General
- Target: 227c17af92250eb0bdf0699aa960da49.exe
- Size: 563KB
- Sample: 221003-jv1seaffdr
- MD5: 227c17af92250eb0bdf0699aa960da49
- SHA1: d61972c27c1c527e4045b8ae02bee2cecc1f0e1c
- SHA256: 0c62abe574a6b360a940fc43ecae0993eb52715bac6208ea56e2de5e1bc5892b
- SHA512: 2f63af39b7f4c6e262f4ce6fa41392dcc81746562f0d3f2624ec51528450a337be02739d046dd9062e0bc81a4c1bcbecee7adecdb434b119ad708aab07acf017
- SSDEEP: 12288:kErC2iNx04jcS2r4LRzx/T/xtznCqpTBaGNCAkQvlBhCTet:LG1/07r4fr/xt7CuUGhvhx
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 227c17af92250eb0bdf0699aa960da49.exe
  - Resource: win7-20220901-en

Behavioral task
- behavioral2
  - Sample: 227c17af92250eb0bdf0699aa960da49.exe
  - Resource: win10v2004-20220901-en
Malware Config
- Extracted: agenttesla
- URL: https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/sendDocument
Targets
- Target: 227c17af92250eb0bdf0699aa960da49.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext