General
- Target: 524ad9ed47f4d864dbc14cc67a1969bad49d2a46d3837628a95248fbbc014fd0
- Size: 797KB
- Sample: 221125-scc33afa58
- MD5: 8efdd0544cb04363366db3f196cd9343
- SHA1: 24539d81bfb3553f2430d5b208de96bc6de01d2d
- SHA256: 524ad9ed47f4d864dbc14cc67a1969bad49d2a46d3837628a95248fbbc014fd0
- SHA512: eaac1447e768e15bff79ccf93c17246cb2db6aceef7dd088c3e41f9ba749aa434b19f1be78958de5c4fc33fcabaa387452a76993e1cc7d5f4117e8f998ea8e3a
- SSDEEP: 12288:/xbvsYh3WTjPmz5f9JoZQiMRRhlxBMITn5E/VFMMsGz/vpEC/ebHV0xeXMgvS9uX:/OkWTjOz5lJGsRz1n5EzMsbv7erArDjU
Static task
- static1
Behavioral task
- behavioral1
  - Sample: QH1BV5bAx3RjzS7.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: QH1BV5bAx3RjzS7.exe
  - Resource: win10v2004-20220901-en
Malware Config
Extracted
- agenttesla
- https://api.telegram.org/bot5380301623:AAEiiAoD9x5hD8Dpz7EhZFXpW2UQGzFYtzs/sendDocument
Targets
- Target: QH1BV5bAx3RjzS7.exe
- Size: 1.4MB
- MD5: c98b552f08d6af1b3b14ac134724cf9e
- SHA1: 181d21d2f160433da1bf9d8f7194665e84565cd2
- SHA256: bc0a1153681fd21f8ea15a81e41d256a7a10623554db56a74d2b244547248e7c
- SHA512: e4a14fb4cbdd68ad71776db1c4f06b5fd2928d37ead8751425aad313c4e8061ebc52fa926ed89a878c69119b07bfe805599cee69db5ff122bb01459c5971783e
- SSDEEP: 24576:V3ddlVYSVuuqiZAr/Kqh4pwtaZeb7k+bZ/219cEtg3bCqM6kdtGDicURtcwr7g6/:9HYSVuuqiZAr/Kc4pwtaZeb7k+bZ/21v
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext