General
-
Target
3f887df553df9b5424a935f528508097d535994888a890544feb47b51cefa7b9
-
Size
592KB
-
Sample
221202-wlqmasec8z
-
MD5
30c086a8698914c2ff04f9de53e9c29b
-
SHA1
89cebd2a4ec49fa8782752ce0a1f9322472c17cb
-
SHA256
3f887df553df9b5424a935f528508097d535994888a890544feb47b51cefa7b9
-
SHA512
9868cd303c28f792c20cf95d25ab679f9c2e5b440a535524c6df81b1b9cab79755b6a42177fdb8824112f16909baaa448fd195e064856abd92f7622dbc4e78af
-
SSDEEP
12288:pWfUOrBlw9hkZhwjtpesNjhtJjVa/7/pJx/v5LLI41SmIKcGYZfXFKFrqt:pg1Y9+uto+FRidtI41lI1NZf4FrE
Static task
static1
Behavioral task
behavioral1
Sample
tMEGigbd7Zd4VqB.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
tMEGigbd7Zd4VqB.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5380301623:AAEiiAoD9x5hD8Dpz7EhZFXpW2UQGzFYtzs/sendDocument
Targets
-
-
Target
tMEGigbd7Zd4VqB.exe
-
Size
659KB
-
MD5
95b05936828a3d1568d2f1117292ae71
-
SHA1
2afd6bc70157b58ee24d7110aa3b20b0750d7498
-
SHA256
fc8e47fe406ad8b04edb2c6781bccf991b0c63e5e74124398010c2b3d79c13cd
-
SHA512
d9fa38b3b3e451d9db87fc173234e625bdd16c18161e71607c984ebdbbce1fe9fa46bd0064f0eec081c803aad595d2fc726e85fe497c48949cdbf4677c68deb3
-
SSDEEP
12288:rqI9q4YmH9n9VAPeFZbVicj12OCT4pNcNjGQ8xdYA6NBPFwCS2O70sOT0:GIL9nlxvR2EMjLoeA6fFFi0f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-