General
Target: 8427322316.zip
Size: 859KB
Sample: 221123-r1gwgsaa26
MD5: 95ea32a577e246d2b456ff2fc9a71bbc
SHA1: 7a0bb67b98d507a0871f876f4818083ce1a5f4f7
SHA256: cfdaeca9b832cd4b73218ed37e30d7f93061607f5075d976f97741eeda169304
SHA512: 73c1b351027492c7296aadbfb14273d1eb9bea04654831f3385b48a6565d21e732ed419e27bbe42772c686be8a8569c9aae547949f63b4cae564ee8f51bf287d
SSDEEP: 24576:f14U+p1igMGthXRI2pl3pJXwukhvj/wjBUSc:f4GgMKhXOCQuk5jECD
Static task: static1
Behavioral task: behavioral1
Sample: ee786b17c0debabc35aaa386da758c13cc9e0952b0d2d4e265756f493f82c2ed.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: ee786b17c0debabc35aaa386da758c13cc9e0952b0d2d4e265756f493f82c2ed.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5088709131:AAFHCIxHU907RAI3XEaH2G6LgE9wrdrAgI0/sendDocument
Targets
Target: ee786b17c0debabc35aaa386da758c13cc9e0952b0d2d4e265756f493f82c2ed
Size: 1.1MB
MD5: e035bc2cbfc3910329796b79c1e7dd8b
SHA1: d34dc97dd02408e1304df5ba7ec66e2dcfa20584
SHA256: ee786b17c0debabc35aaa386da758c13cc9e0952b0d2d4e265756f493f82c2ed
SHA512: dcc5720e77e8e27d7eec8662d8d4e321f4ba0b1ac557231cc36d4926d516ce535efa662ded1e41cc5e039c61112579a5c9b557c05db39d26b8ea50c040b0d3e6
SSDEEP: 24576:k1utqdOTLC6tDmQKn842PRyQU3zUEMdE99:kMqdOa6J/KnJLJ3z0W99
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Suspicious use of SetThreadContext