General
Target: Copia dellordine di pagamento.tgz.gz
Size: 306KB
Sample: 221129-qmtgpacg32
MD5: 0a5967e6b0f29aed16af5f8a4f84099f
SHA1: 0c42c4c8adb321b3f5b5118261ddc082f139925c
SHA256: 76142d7f4c863e413429c8afc13aebf9f0afeddb3be14ee033ba1bd2e89b0741
SHA512: 4d7c388b0c88dc7088c95d965dd96450b729d9674073dc755e65752ca7b02c33654ac6e18ba9107dd808046602f589a6e038e7a66a648b4da717873cd328bc54
SSDEEP: 192:5GovtAWTIqGJmakfCLOYRy3fwObp7/c44ZVTODXxh:4AAHJCqivRVS4h
Static task: static1
Behavioral task: behavioral1
  Sample: Copia dell'ordine di pagamento.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Copia dell'ordine di pagamento.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: agenttesla
Telegram Bot API URL used for exfiltration (the bot token is embedded in the path): https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/
Targets
Target: Copia dell'ordine di pagamento.exe
Size: 300.1MB
MD5: af75b6039c209b6c31915ca4957adcd8
SHA1: af396a57bd962bbc927143f924d279962eaa9d5c
SHA256: ecc0953d70c3f7f7fce5ef31dd734452a3ba52d63ec4020646c8a999e10d6003
SHA512: b303c246e15c2e705bbf19f3290f073a199249085321bbdc706ab54fa274c43882d8a0379a781c97050bbed12bb51478b6b4cbc9e18d29496303b2bec92896e0
SSDEEP: 384:z7MRYI5eLyY9kgbZQAgDNGprbptYcFmVc03Kv:zzI5aT9kgOAgoFtYcFmVc6Kv
Note: a 300.1MB executable that was delivered inside a 306KB archive has been inflated with highly compressible filler (typically runs of null bytes). This is a common trick to push the file past the size limits of AV scanners and sandboxes, so the hashes above identify this padded build only; the same payload with different padding will hash differently.
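The hashes above and the extracted Telegram URL in the Malware Config section are the actionable parts of this report. The following Python is an added example, not part of the Triage report and not the sample's own code: it streams a file through the hashers the report lists (so a padded 300 MB binary is not read into memory at once), matches the result against the indicators from this page, strips trailing null padding so the unpadded payload can be hashed and compared across inflated variants, and splits the Telegram Bot API URL into the bot ID and token that serve as network and hunting indicators (and that Telegram's abuse team can act on). The IOC table and the URL are copied from the report; all function names and the demo bytes are the example's own.

```python
import hashlib
import io
import re
from urllib.parse import urlsplit

# Indicators copied from the report above (the delivery archive and the extracted executable).
IOCS = {
    "Copia dellordine di pagamento.tgz.gz": {
        "md5": "0a5967e6b0f29aed16af5f8a4f84099f",
        "sha1": "0c42c4c8adb321b3f5b5118261ddc082f139925c",
        "sha256": "76142d7f4c863e413429c8afc13aebf9f0afeddb3be14ee033ba1bd2e89b0741",
    },
    "Copia dell'ordine di pagamento.exe": {
        "md5": "af75b6039c209b6c31915ca4957adcd8",
        "sha1": "af396a57bd962bbc927143f924d279962eaa9d5c",
        "sha256": "ecc0953d70c3f7f7fce5ef31dd734452a3ba52d63ec4020646c8a999e10d6003",
    },
}

# Extracted config value copied from the report.
TELEGRAM_EXFIL_URL = "https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/"

# Telegram Bot API paths look like /bot<numeric id>:<secret>/<method>; the config stores only the
# base URL and the malware appends the method (e.g. sendDocument) at runtime.
_BOT_PATH_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)(?:/([A-Za-z]+))?/?$")


def hash_stream(fobj, chunk_size: int = 1 << 20) -> dict:
    """Hash a readable binary stream chunk by chunk with the algorithms the report lists."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    while chunk := fobj.read(chunk_size):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (test inputs, unpacked payloads)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> dict:
    """Hash a file on disk without loading it whole; padded samples can be hundreds of MB."""
    with open(path, "rb") as f:
        return hash_stream(f)


def match_iocs(hashes: dict, iocs: dict = IOCS) -> list:
    """Return (indicator name, algorithm) pairs for every hash that equals a listed indicator."""
    hits = []
    for name, known in iocs.items():
        for algo, value in known.items():
            if hashes.get(algo, "").lower() == value:
                hits.append((name, algo))
    return hits


def strip_trailing_padding(data: bytes, pad_byte: bytes = b"\x00") -> bytes:
    """Drop trailing filler bytes so two differently padded builds of one payload hash the same.

    Crude on purpose: legitimate trailing zero bytes of the PE are lost too. For exact work,
    truncate at the end of the last section from the PE headers instead.
    """
    return data.rstrip(pad_byte)


def parse_telegram_exfil(url: str) -> dict:
    """Split an Agent Tesla Telegram exfiltration URL into hunting indicators."""
    parts = urlsplit(url)
    m = _BOT_PATH_RE.match(parts.path)
    if parts.hostname != "api.telegram.org" or m is None:
        raise ValueError(f"not a Telegram Bot API URL: {url}")
    bot_id, secret, method = m.groups()
    return {
        "host": parts.hostname,
        "bot_id": bot_id,
        "token": f"{bot_id}:{secret}",
        "method": method,  # None when the config holds only the base URL, as in this report
    }


if __name__ == "__main__":
    # Constructed stand-in for a padded sample: a fake header followed by null filler.
    padded = b"MZ\x90" + b"\x00" * 4096
    print("padded hashes:", hash_bytes(padded))
    print("unpadded hashes:", hash_bytes(strip_trailing_padding(padded)))
    print("IOC hits:", match_iocs(hash_bytes(padded)))
    print("telegram:", parse_telegram_exfil(TELEGRAM_EXFIL_URL))
```

The token is a credential for the attacker's bot, so it should be treated as an indicator to block on `api.telegram.org` traffic carrying that path, not as something to call; the empty `method` confirms this config entry is the base URL rather than a full request.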
AgentTesla
  Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).
Accesses Microsoft Outlook profiles
  Reads stored Outlook account data, one of the credential sources this family harvests before exfiltrating it.
Suspicious use of SetThreadContext
  Setting another thread's context is consistent with process hollowing, where the loader writes the decoded payload into a suspended process and redirects its entry point before resuming it.