General
Target: c8199c30edc544b24e479f396e0982337af82235cdb7b0e36c1a9e6e7bddc107
Size: 619KB
Sample: 221128-n7qv7agb3z
MD5: fa80943e564c6bd196f31cc388e89222
SHA1: a10223dcc2bb2ddddcaf91fd9defb363401dba92
SHA256: c8199c30edc544b24e479f396e0982337af82235cdb7b0e36c1a9e6e7bddc107
SHA512: cf94b7de2fd06ed590dc761100c43757318d7cadd2d0ec09f03fcb9dd281a9cae890f7ac0a3b787553bf2d214fb03d4e61d1a015f78ac4f507878e715baa0118
SSDEEP: 12288:y0IoTk5gATcoCVP/9lavENfuztReNssl/90EObmDQRVoEM89GmuBbSS4eH:y0IoILTwVPllkE9uzDeFBWE2gQRV48fS
Static task: static1
Behavioral task: behavioral1
Sample: GsxINR0t8iolBIA.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: GsxINR0t8iolBIA.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: agenttesla
URL: https://api.telegram.org/bot5380301623:AAEiiAoD9x5hD8Dpz7EhZFXpW2UQGzFYtzs/sendDocument
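The extracted configuration above is the sample's exfiltration channel: a Telegram Bot API URL in which the path carries the bot id and its secret token, followed by the API method (here sendDocument, i.e. file upload). The following detection logic is an added example and is not part of the sandbox report or of any tool it references. It parses such URLs, scans proxy log lines for them, and ranks a hit as a match on the extracted bot, a generic upload to some other bot, or plain Bot API use. The proxy log format (timestamp, source IP, verb, URL, status), the second bot token, and the set of upload methods are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Exfiltration URL as extracted by the sandbox (copied from the report above).
EXTRACTED_URL = (
    "https://api.telegram.org/bot5380301623:"
    "AAEiiAoD9x5hD8Dpz7EhZFXpW2UQGzFYtzs/sendDocument"
)

# Telegram Bot API URLs embed the bot credential in the path:
#   https://api.telegram.org/bot<bot id>:<secret>/<method>
# The secret is the full credential for the bot, so it is sensitive data.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)"
)

# Assumed set of methods that push data out of the victim network.
UPLOAD_METHODS = frozenset({"sendDocument", "sendMessage", "sendPhoto"})


@dataclass(frozen=True)
class TelegramBotHit:
    bot_id: str
    secret: str
    method: str


@dataclass(frozen=True)
class Alert:
    timestamp: str
    src_ip: str
    hit: TelegramBotHit
    verdict: str


def parse_telegram_bot_url(url: str) -> Optional[TelegramBotHit]:
    """Return bot id, secret and API method if `url` is a Bot API call, else None."""
    m = TELEGRAM_BOT_RE.search(url)
    if m is None:
        return None
    return TelegramBotHit(m["bot_id"], m["secret"], m["method"])


KNOWN_BOT = parse_telegram_bot_url(EXTRACTED_URL)
assert KNOWN_BOT is not None
KNOWN_BOT_IDS = frozenset({KNOWN_BOT.bot_id})


def classify(hit: TelegramBotHit, known_bot_ids=KNOWN_BOT_IDS) -> str:
    """Rank a Bot API call: a match on the extracted bot beats a generic upload."""
    if hit.bot_id in known_bot_ids:
        return "known-agenttesla-bot"
    if hit.method in UPLOAD_METHODS:
        return "telegram-bot-upload"
    return "telegram-bot-api"


def scan_proxy_log(log_text: str, known_bot_ids=KNOWN_BOT_IDS) -> List[Alert]:
    """Scan '<timestamp> <src ip> <verb> <url> <status>' lines (assumed format)."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed or unrelated line: skip rather than crash
        timestamp, src_ip, _verb, url, _status = fields
        hit = parse_telegram_bot_url(url)
        if hit is not None:
            alerts.append(Alert(timestamp, src_ip, hit, classify(hit, known_bot_ids)))
    return alerts


# Constructed proxy log lines (not from the sandbox run). 10.0.0.25 replays the
# extracted sendDocument call, 10.0.0.40 only touches the API root, and
# 10.0.0.61 uploads to a hypothetical, unrelated bot.
SAMPLE_PROXY_LOG = """\
2022-11-28T11:02:14Z 10.0.0.25 GET https://www.microsoft.com/ 200
2022-11-28T11:02:31Z 10.0.0.25 POST https://api.telegram.org/bot5380301623:AAEiiAoD9x5hD8Dpz7EhZFXpW2UQGzFYtzs/sendDocument 200
2022-11-28T11:03:02Z 10.0.0.40 GET https://api.telegram.org/ 200
2022-11-28T11:05:48Z 10.0.0.61 POST https://api.telegram.org/bot1234567890:hypothetical_other_bot_secret_00000000/sendMessage 200
"""

if __name__ == "__main__":
    for a in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(a.timestamp, a.src_ip, a.hit.bot_id, a.hit.method, a.verdict)
```

Matching on the bot id rather than the whole URL catches the same operator switching from sendDocument to sendMessage, while the generic "telegram-bot-upload" verdict still surfaces uploads to bots not yet in the IOC set. Since the URL carries the bot's complete credential, handle the extracted config as sensitive, and consider blocking api.telegram.org outright from hosts that have no business need for it.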
Targets
Target: GsxINR0t8iolBIA.exe
Size: 714KB
MD5: b5fbf8ee3c25415a91dcf897ee20a98a
SHA1: b794d6f5bb0232f7fc0963ed78ef7012d9ea7d86
SHA256: 63cdda46a08c3038d94c60c3dd0ac398eb2d5b56568870bd4128b835a41d7c4d
SHA512: f377988f9a54e64f3005ce84af8114a343eb914cecde973c19ee332fe1acfbb5ec541b196850bc2baf73bd9a8120ef3e6e50ff0b495f63ca7beed6f530130395
SSDEEP: 12288:FIlpkANyPAatCGgapqfc37HrEN1Go3FbojZzCi9fjzEOastQCg5:FUUCGgapqfcTrcmjtCQjAO1td+
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (originally Visual Basic .NET).
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext