General

Target: Overdue_account letter.exe
Size: 958KB
Sample: 221127-h497rsch6s
MD5: 40c43a758689271d72709958de73a4cc
SHA1: 9fb2af9270987df6a8e974eb745f9a01022c3453
SHA256: 1ea31d04175fb842e43adb57eadd01486fbad17841f83d5eff065b67baeb4d69
SHA512: a47e491d4eda64ddedf8d533aea1097fe43b85927074598ee74fb59faa48968e44d7c2f58057375850710389da2a0bcac9eab6a248172a5dcdcc99b7c87d5bf4
SSDEEP: 24576:NoU376CMskFgqIyXXkH5MF1FI86jiT17MTsM3ya2veHe:NpPkVXX65cr6jiT1ha2veHe
Static task: static1

Behavioral task: behavioral1
Sample: Overdue_account letter.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: Overdue_account letter.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted: agenttesla
https://api.telegram.org/bot5495243543:AAG3XPeGW7yqfXF6_EXjGSfO9SWHJTpqVsU/
Targets

Target: Overdue_account letter.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext