General
Target: RSG USD17309.exe
Size: 822KB
Sample: 221129-sg9mtsdf8t
MD5: e619cdd352048c3823ac99bca6698bc2
SHA1: 97e4aac514cfffb25a738e2b18443c9d11958970
SHA256: b9f0fee4b618fa2f84768ffe0815a2291798380591724470b52a8939e5d26547
SHA512: 5f915fff53dfc62b1e2db5339c176dccf67e9dc5b1096cba0fe7ec208f2d4e53887f6094bb05c92e35b1f57dd4ca737a4bf841fc3cda42afc7f6baba12e8feb4
SSDEEP: 12288:mOv4+qQknbPjHmv8rcRAt59Y2PG1rar3vj6cYC67HLTZi5VrRt3c/TCHcJ:0+qbPy9At02PG1ar/2c+7HLUj/3
Static task: static1

Behavioral task: behavioral1
  Sample: RSG USD17309.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: RSG USD17309.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
  https://api.telegram.org/bot5700681005:AAF2K-iQMsKRkqCcUgSZLmmugrKJcbb8Xg8/
Targets
Target: RSG USD17309.exe
Size: 822KB
MD5: e619cdd352048c3823ac99bca6698bc2
SHA1: 97e4aac514cfffb25a738e2b18443c9d11958970
SHA256: b9f0fee4b618fa2f84768ffe0815a2291798380591724470b52a8939e5d26547
SHA512: 5f915fff53dfc62b1e2db5339c176dccf67e9dc5b1096cba0fe7ec208f2d4e53887f6094bb05c92e35b1f57dd4ca737a4bf841fc3cda42afc7f6baba12e8feb4
SSDEEP: 12288:mOv4+qQknbPjHmv8rcRAt59Y2PG1rar3vj6cYC67HLTZi5VrRt3c/TCHcJ:0+qbPy9At02PG1ar/2c+7HLUj/3

Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext