General
Target: 5d63344ee5a825f50d0ced0b0585ff9d1a4d268c9c62edddcc73a6ca718154ce
Size: 594KB
Sample: 221128-phdd8sce46
MD5: c695a5b79f59d37691e0316bff7ae838
SHA1: 625c99b5bdbcaf4c9192a7e1d4b6856f3f1efbe0
SHA256: 5d63344ee5a825f50d0ced0b0585ff9d1a4d268c9c62edddcc73a6ca718154ce
SHA512: c885f3e955dc6c34beda3eac3343edfa0aaed921ea8dd32a11bb28c95f93721f456fff0b97a290109aa6d959cc1cd5c35412eee18af0f55a9936fe3fa2da577a
SSDEEP: 12288:cU/AMgwKft05q20d5g50BSTV3xoL2JP58fwZ1OLUWy0rlaNd7G:cgAMgReDn5zfZ58F/roL6

Static task: static1
Behavioral task: behavioral1
- Sample: EXa1uNBrCfdgvYC.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: EXa1uNBrCfdgvYC.exe
- Resource: win10v2004-20220812-en

Malware Config
Extracted (agenttesla): https://api.telegram.org/bot5380301623:AAEiiAoD9x5hD8Dpz7EhZFXpW2UQGzFYtzs/sendDocument

Targets
Target: EXa1uNBrCfdgvYC.exe
Size: 660KB
MD5: a758082e3e4853b48d55493ba8b72fc7
SHA1: c077989bfa922cb9ccd43f79bdb398a0715dda72
SHA256: b27c6b257151b39a26f528bf4511bae9b795493cb54cf2d31676ae586ee74e86
SHA512: 4b9819ebf90e27f12556a371e59e1891f4b4195e1677a58ec3c1e0419bd409130957f213dc34902ba80e3869cff5a660955cbecbc84fc356a6e53dcaa71e5008
SSDEEP: 12288:oAaiMy1HgprVjfjeouDHY3NJMkwCfD2HBG7SU2W34CPfPhS:zxF1HghVjf6ogY3NvtfDawB2Dh
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext