General
Target: Kopia polecenia zapłaty.tgz
Size: 306KB
Sample: 221129-mn6xmaea9x
MD5: 413bb0e0fe84496cd167249f75a2f411
SHA1: 25496489937978ca15dade121ef7f9e443af1254
SHA256: 292c8cf28e91c55445de7eb52552c668ea1cd7d2a824801939cd2bbea4473b3d
SHA512: cb320393cc5e9f3c91c38ef9a4c15a7a2ea5df1afa31a31bb9792840d22a6550ec477a86d9609e8da39c4026574cd775c27ddfa05349234f39e404870b4fbf6d
SSDEEP: 192:MfsCyofB9a/qyKBJJmQoBQHGJB6+Q9Y3mm/TIZXi5Kf6Mx+h3J71I:EaofQGJBmG+Q9Y3p/TmNE2
Static task: static1
Behavioral task: behavioral1
  Sample: Kopia polecenia zapłaty.exe
  Resource: win7-20220812-de
Behavioral task: behavioral2
  Sample: Kopia polecenia zapłaty.exe
  Resource: win10v2004-20221111-de
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/
Targets
Target: Kopia polecenia zapłaty.exe
Size: 300.1MB
MD5: af75b6039c209b6c31915ca4957adcd8
SHA1: af396a57bd962bbc927143f924d279962eaa9d5c
SHA256: ecc0953d70c3f7f7fce5ef31dd734452a3ba52d63ec4020646c8a999e10d6003
SHA512: b303c246e15c2e705bbf19f3290f073a199249085321bbdc706ab54fa274c43882d8a0379a781c97050bbed12bb51478b6b4cbc9e18d29496303b2bec92896e0
SSDEEP: 384:z7MRYI5eLyY9kgbZQAgDNGprbptYcFmVc03Kv:zzI5aT9kgOAgoFtYcFmVc6Kv
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext