General
-
Target
Consulta de compra.exe
-
Size
300.1MB
-
Sample
221202-lnbwtadg27
-
MD5
4a6c4f83ba59f169f41a77eed6d08fd3
-
SHA1
725e35e280c140840263b0a47d449b9e03e36942
-
SHA256
4a5d563e7519d9b2e7321abc2aa2355ecb22ed8d60e34061a0f935757a6a0f82
-
SHA512
2fe598182197d0f1ca7750ec9ff5ab15248a8611e6165a9449af30ca7fe206acff80a8bef179badf4100379dea18db8c94a3738bbf8c1847ec1b854159805c07
-
SSDEEP
192:jr0QjqirBzCL7eOIQSz16nbP3IwKu1AVxxlK4QzwU94aMVv0L:v0Q3rBWLmnz1MbvTKEAVk4QzwU9jA8L
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/
Targets
-
-
Target
Consulta de compra.exe
-
Size
300.1MB
-
MD5
4a6c4f83ba59f169f41a77eed6d08fd3
-
SHA1
725e35e280c140840263b0a47d449b9e03e36942
-
SHA256
4a5d563e7519d9b2e7321abc2aa2355ecb22ed8d60e34061a0f935757a6a0f82
-
SHA512
2fe598182197d0f1ca7750ec9ff5ab15248a8611e6165a9449af30ca7fe206acff80a8bef179badf4100379dea18db8c94a3738bbf8c1847ec1b854159805c07
-
SSDEEP
192:jr0QjqirBzCL7eOIQSz16nbP3IwKu1AVxxlK4QzwU94aMVv0L:v0Q3rBWLmnz1MbvTKEAVk4QzwU9jA8L
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-