General
-
Target
tmp
-
Size
753KB
-
Sample
221123-qzwsksad2t
-
MD5
751532ac5635d8c77a474df541c780d9
-
SHA1
d7a962a32cafae1e791d2f896d0c9bb6ae0384d0
-
SHA256
ef176faa1d186e67f9ab559b32c35dcfe874bef49156ebcd414d5c032ec2f55a
-
SHA512
4a32296e5b02d8a6cf5c839ec0425231bde4d4d51dc92030c4fd658c6da11cc49521523a9547e40d658146b0a703ac04d12d2df2f78f25c2863d28a7a8fcb474
-
SSDEEP
12288:939riVwf3iJ+HN3TFfIKXKH0oKnkishvwWqWogZWhwOANLw/y/9Zu/E9jtgmdbtb:9Nriy/fTFfyRIA2R59Ntjk
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1900392974:AAEB_yGGlWksNcNC4Dg08OgUSlmDON2w098/sendDocument
Targets
-
-
Target
tmp
-
Size
753KB
-
MD5
751532ac5635d8c77a474df541c780d9
-
SHA1
d7a962a32cafae1e791d2f896d0c9bb6ae0384d0
-
SHA256
ef176faa1d186e67f9ab559b32c35dcfe874bef49156ebcd414d5c032ec2f55a
-
SHA512
4a32296e5b02d8a6cf5c839ec0425231bde4d4d51dc92030c4fd658c6da11cc49521523a9547e40d658146b0a703ac04d12d2df2f78f25c2863d28a7a8fcb474
-
SSDEEP
12288:939riVwf3iJ+HN3TFfIKXKH0oKnkishvwWqWogZWhwOANLw/y/9Zu/E9jtgmdbtb:9Nriy/fTFfyRIA2R59Ntjk
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-