General
-
Target
09e4a87a6008ceff27423dbca245888f.exe
-
Size
300.1MB
-
Sample
221125-jzv3qacg52
-
MD5
09e4a87a6008ceff27423dbca245888f
-
SHA1
75421ba696dcadc9374c861946feba1ba61850b1
-
SHA256
a3651d8b7f6bd588cff17dc6107b5bb9444d64966d32c101444e85adcf10477d
-
SHA512
b2227c09f05e8d516372685ccfe7fbf29666853a2b55ddbd3be404669eaf6d41e54a5feb86b6542dcac347a05caf8b8ce42c7be4262f7a6202efdef2838e60eb
-
SSDEEP
192:4YTgagCLAWvAZaMDgz/NCtlLrb8stYcFmVc03KYS:4vaXLAngAgDNGprbptYcFmVc03Kx
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/
Targets
-
-
Target
09e4a87a6008ceff27423dbca245888f.exe
-
Size
300.1MB
-
MD5
09e4a87a6008ceff27423dbca245888f
-
SHA1
75421ba696dcadc9374c861946feba1ba61850b1
-
SHA256
a3651d8b7f6bd588cff17dc6107b5bb9444d64966d32c101444e85adcf10477d
-
SHA512
b2227c09f05e8d516372685ccfe7fbf29666853a2b55ddbd3be404669eaf6d41e54a5feb86b6542dcac347a05caf8b8ce42c7be4262f7a6202efdef2838e60eb
-
SSDEEP
192:4YTgagCLAWvAZaMDgz/NCtlLrb8stYcFmVc03KYS:4vaXLAngAgDNGprbptYcFmVc03Kx
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-