General
Target: SecuriteInfo.com.Win64.Evo-gen.29048.30351.exe
Size: 476KB
Sample: 221123-ml4z9aed66
MD5: b5c98662262c45efed63b78c4f41a31a
SHA1: 1daab0515696d8898cce69dae28edab48615f276
SHA256: 0a83c7e2b213646c2861d33fb49bd12c9fb43f1e19fafbfd618bd4b17a07aabf
SHA512: 5e94a92c7106561b34120bc047390128cb5aed58fb3754bfd29507889b6b50992353cd00e5fa7941d666f824908dc59064877389e7911a81a2ca62d554662550
SSDEEP: 12288:DaifFPH4m1d29VJWOwXPhn7w9tbt+8eV7:DaidP4s2zoBhnEXbcxV7
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win64.Evo-gen.29048.30351.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win64.Evo-gen.29048.30351.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/
Targets
Target: SecuriteInfo.com.Win64.Evo-gen.29048.30351.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext