General
-
Target
IsI1k3cWYIHjiSY.exe
-
Size
912KB
-
Sample
221129-ramn2shf5x
-
MD5
aa16d0032f7bbdb5882996f8a4b2b598
-
SHA1
7cfb835b0649726524ead9b043f206e348f9b34e
-
SHA256
d1e71b7c7104d2e883617d0412e9ab6a67f6577765141655542400b99461bff9
-
SHA512
e98ece293e800c81f0523327498c5afd53743b951dd21e90e1d6ed2b80753636ee19d0b8957ce74b36451bbb4880c4da1e149257bb252362e6ce95e4f050b556
-
SSDEEP
12288:IqunqU+ceCVCLUoytxa+387Ct2NiSD2Aml7j0lOW1Ddzoa1cfN:ruhCLlc87X7D2olL1DdEPf
Static task
static1
Behavioral task
behavioral1
Sample
IsI1k3cWYIHjiSY.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
IsI1k3cWYIHjiSY.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5015424630:AAHYFU1sKtYqSORHBErFCWNjJz1TpXKj30w/sendDocument
Targets
-
-
Target
IsI1k3cWYIHjiSY.exe
-
Size
912KB
-
MD5
aa16d0032f7bbdb5882996f8a4b2b598
-
SHA1
7cfb835b0649726524ead9b043f206e348f9b34e
-
SHA256
d1e71b7c7104d2e883617d0412e9ab6a67f6577765141655542400b99461bff9
-
SHA512
e98ece293e800c81f0523327498c5afd53743b951dd21e90e1d6ed2b80753636ee19d0b8957ce74b36451bbb4880c4da1e149257bb252362e6ce95e4f050b556
-
SSDEEP
12288:IqunqU+ceCVCLUoytxa+387Ct2NiSD2Aml7j0lOW1Ddzoa1cfN:ruhCLlc87X7D2olL1DdEPf
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-