General
-
Target
60c994d3d36e7f3acacb7d607b4efc3605315e6996f0380ac2d230c0f29a5e90
-
Size
901KB
-
Sample
221125-akjayace51
-
MD5
a54d15a4b46f819424bb2959c8b370cb
-
SHA1
e880d488227b62ec183dc402e956f5dfdea94330
-
SHA256
60c994d3d36e7f3acacb7d607b4efc3605315e6996f0380ac2d230c0f29a5e90
-
SHA512
69a5309c418af73eebaa490c2b197c8ce4931736afb7482c4225107261afe2c4bde9ad0d020291be1dfbbdf9e9a7ee44161a0433f4a15c0c3517716694ef9d35
-
SSDEEP
24576:trVW0KE7V1CZcnjzz1bZsg/xeM6ZjguzCoIVmXC:lbjz9xCS0Coumy
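Before acting on this report, an analyst should confirm that the file in hand is exactly the sample the sandbox ran. The helper below (an added example, not part of the report or of the sandbox's own tooling) computes the same digests the report lists and compares them against the values above; the sample path and the demo input are assumptions, and the ssdeep check is optional because the ssdeep package needs libfuzzy.

```python
"""Verify a candidate file against the hash IOCs published in the sandbox report.

Added example, not the report's or the vendor's code. The digests below are copied
from the report; the file path and the demo byte string are constructed for the demo.
"""
import hashlib

try:
    import ssdeep  # optional: pip install ssdeep (requires libfuzzy)
except ImportError:  # pragma: no cover
    ssdeep = None

# Exact-match IOCs copied from the report (keys are hashlib algorithm names).
REPORT_HASHES = {
    "md5": "a54d15a4b46f819424bb2959c8b370cb",
    "sha1": "e880d488227b62ec183dc402e956f5dfdea94330",
    "sha256": "60c994d3d36e7f3acacb7d607b4efc3605315e6996f0380ac2d230c0f29a5e90",
    "sha512": "69a5309c418af73eebaa490c2b197c8ce4931736afb7482c4225107261afe2c4"
              "bde9ad0d020291be1dfbbdf9e9a7ee44161a0433f4a15c0c3517716694ef9d35",
}
# Fuzzy hash from the report; useful for spotting repacked variants that no longer
# match the exact digests.
REPORT_SSDEEP = "24576:trVW0KE7V1CZcnjzz1bZsg/xeM6ZjguzCoIVmXC:lbjz9xCS0Coumy"


def hash_bytes(data: bytes) -> dict:
    """Return lower-case hex digests of `data` for every algorithm in REPORT_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four digests in one pass (samples can be large)."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_report(observed: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison, case-insensitive. Returns {algorithm: matched?}."""
    return {alg: observed.get(alg, "").lower() == exp.lower()
            for alg, exp in expected.items()}


def is_reported_sample(observed: dict) -> bool:
    """True only if every digest agrees. A single mismatch means the file is not the
    reported sample (for example a repacked build), even if a shorter hash happens to
    collide or was copied from a different report."""
    return all(match_report(observed).values())


def fuzzy_similarity(data: bytes):
    """0-100 ssdeep similarity to the reported sample, or None if ssdeep is unavailable."""
    if ssdeep is None:
        return None
    return ssdeep.compare(ssdeep.hash(data), REPORT_SSDEEP)


if __name__ == "__main__":
    # Hypothetical path; replace with the file you want to triage.
    digests = hash_file("sample.exe")
    print(match_report(digests), "fuzzy:", fuzzy_similarity(open("sample.exe", "rb").read()))
```

Treat an all-match result as confirmation that the behavioural findings below apply to your file; a partial match should be investigated as a variant, where the ssdeep score is the better guide.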
Static task
static1
Behavioral task
behavioral1
Sample
60c994d3d36e7f3acacb7d607b4efc3605315e6996f0380ac2d230c0f29a5e90.exe
Resource
win10-20220901-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5577155192:AAEz6ZTkghx2RsdTxeeE-sDulPHc5WQblVg/
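The extracted config is a Telegram Bot API URL, so the bot token embedded in the path is the network IOC to hunt for. The script below is an added example (not part of the report) that pulls the token out of that URL and runs a simple detection over web-proxy log lines; the log format (timestamp, client, HTTP method, URL, status, bytes, quoted user agent) and the sample lines are constructed for the demo, and the second bot token in them is a placeholder, not a real one.

```python
"""Hunt for Telegram Bot API exfiltration in proxy logs.

Added example, not the report's or the vendor's code. REPORT_TOKEN is copied from
the URL the sandbox extracted; the proxy log format and every log line below are
constructed for the demo.
"""
import re
from urllib.parse import urlsplit

# Token from the extracted config above: numeric bot id, colon, 35-character secret.
REPORT_TOKEN = "5577155192:AAEz6ZTkghx2RsdTxeeE-sDulPHc5WQblVg"
REPORT_BOT_URL = f"https://api.telegram.org/bot{REPORT_TOKEN}/"

BOT_PATH_RE = re.compile(r"^/bot(?P<token>\d+:[A-Za-z0-9_-]{35})(?:/(?P<method>\w+))?/?$")

# Bot API methods that move data out of the network; the stealer ships its loot as uploads.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendMessage"}


def parse_bot_url(url):
    """Return (token, method) for a Telegram Bot API URL, or None for any other URL.
    `method` is None when the URL is the bare bot base path, as in the config."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    return m.group("token"), m.group("method")


def parse_proxy_line(line):
    """Split one proxy log line (assumed format: ts client method url status bytes "ua")."""
    fields = line.split(None, 6)
    if len(fields) != 7:
        return None
    ts, client, http_method, url, status, size, ua = fields
    return {"ts": ts, "client": client, "http_method": http_method, "url": url,
            "status": status, "bytes": int(size), "ua": ua.strip('"')}


def detect_exfil(lines, known_tokens=frozenset()):
    """One finding per suspicious Bot API request.

    A request is flagged when its token is a known IOC (strongest signal) or when a
    host POSTs to an upload method. Polling calls such as getUpdates are ignored so
    that legitimate bot integrations in the estate do not page the SOC."""
    findings = []
    for line in lines:
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        parsed = parse_bot_url(rec["url"])
        if parsed is None:
            continue
        token, api_method = parsed
        if token in known_tokens:
            reason = "known-ioc"
        elif rec["http_method"] == "POST" and api_method in UPLOAD_METHODS:
            reason = "upload-method"
        else:
            continue
        findings.append({"client": rec["client"], "token": token, "method": api_method,
                         "bytes": rec["bytes"], "reason": reason})
    return findings


# Constructed log lines; FAKE_TOKEN is a placeholder, not a real bot token.
FAKE_TOKEN = "1234567890:" + "A" * 35
SAMPLE_LOG = [
    '2022-11-25T10:01:02Z 10.0.0.5 GET https://www.example.org/ 200 812 "Mozilla/5.0"',
    '2022-11-25T10:01:03Z 10.0.0.5 POST ' + REPORT_BOT_URL + 'sendDocument 200 4312 "Mozilla/4.0 (compatible)"',
    '2022-11-25T10:02:10Z 10.0.0.7 GET https://api.telegram.org/bot' + FAKE_TOKEN + '/getUpdates 200 87 "python-requests/2.28"',
    '2022-11-25T10:03:00Z 10.0.0.9 POST https://api.telegram.org/bot' + FAKE_TOKEN + '/sendDocument 200 1500 "curl/7.85"',
]

if __name__ == "__main__":
    for finding in detect_exfil(SAMPLE_LOG, known_tokens={REPORT_TOKEN}):
        print(finding)
```

Because the token is the only secret in the URL, blocking `api.telegram.org` outright is often not an option in environments that use bots legitimately; matching on the token (and on POSTs to upload methods from hosts that are not known bot integrations) keeps the rule specific. Note that the token also lets an analyst query the Bot API for the channel the attacker receives data on; do that only from an isolated, non-attributable system.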
Targets
-
Target
60c994d3d36e7f3acacb7d607b4efc3605315e6996f0380ac2d230c0f29a5e90
-
Size
901KB
-
MD5
a54d15a4b46f819424bb2959c8b370cb
-
SHA1
e880d488227b62ec183dc402e956f5dfdea94330
-
SHA256
60c994d3d36e7f3acacb7d607b4efc3605315e6996f0380ac2d230c0f29a5e90
-
SHA512
69a5309c418af73eebaa490c2b197c8ce4931736afb7482c4225107261afe2c4bde9ad0d020291be1dfbbdf9e9a7ee44161a0433f4a15c0c3517716694ef9d35
-
SSDEEP
24576:trVW0KE7V1CZcnjzz1bZsg/xeM6ZjguzCoIVmXC:lbjz9xCS0Coumy
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT). It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates the results over SMTP, FTP or, as in the config extracted from this sample, the Telegram Bot API.
-
Accesses Microsoft Outlook profiles
Reads the per-account Outlook profile settings stored in the user's registry hive, where saved mail server credentials live; this is the credential-harvesting step, not ordinary mail client activity.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer includes in its exfiltrated report. The service itself is benign, so on its own this is a weak indicator; it is most useful as a sequence signal when a non-browser process performs the lookup shortly before outbound C2 traffic.
-
Suspicious use of SetThreadContext
Writing another thread's context is the hallmark of process hollowing: the loader starts a child process suspended, maps its payload into that process, points the main thread's instruction pointer at the injected entry point and resumes it, so the stealer runs under a legitimate-looking image name.
-