General

Target: Payment copy of Euro 90,162.57.exe
Size: 995KB
Sample: 221204-k9sk1seg97
MD5: 031b6863d3bba189c39af5dff13a811e
SHA1: 64d47415cfb64fd5657705263a4d3041f2ac2d7e
SHA256: 5fc28dba0030fcbcc62c9ca9c6da94dbecd6e50ee64f4f5380e6a73adf16f627
SHA512: 5e18db6db492c330f2d49af5db7477616367bc34fb0b934741c7a020aa5d9dc826a4ae9310ccdb6f5171c082d1044a0d6d8325e75d8f66b5042b29e2fe50ae73
SSDEEP: 12288:OJylOmEgr9ugFZM4FrBiBkh9icts0cNX7eqKYngdVwdGnDwBwTia38kfS/AzsEE/:mOZwBkh9xtNUPedVw8MaTiwAAgEEY4
Static task: static1

Behavioral task: behavioral1
  Sample: Payment copy of Euro 90,162.57.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: Payment copy of Euro 90,162.57.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted
  Family: agenttesla
  C2: https://api.telegram.org/bot5453942321:AAF6CS9julQ6K7s5pxacNALwWJ2A52D0EC4/
  Note: the C2 is a Telegram Bot API endpoint; the path segment after "bot" is the operator's bot ID and token, which Agent Tesla uses to post stolen data via the Bot API. Treat the full URL as an exfiltration indicator and block or alert on egress to it.
Targets

Target: Payment copy of Euro 90,162.57.exe
AgentTesla
  Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.

Checks computer location settings
  Looks up the country code configured in the registry (Control Panel\International\Geo), likely as a geofence check so the payload can refuse to run in selected regions.

Accesses Microsoft Outlook profiles
  Reads Outlook profile data from the registry, where stored mail account settings and credentials live; consistent with Agent Tesla's credential theft.

Adds Run key to start application
  Registers itself under a CurrentVersion\Run key so it is relaunched at logon (persistence).

Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, which is typically included in the victim fingerprint sent to the C2.

Suspicious use of SetThreadContext
  SetThreadContext is commonly used to redirect the main thread of a suspended process into injected code (process hollowing); on its own it is only an indicator, not proof of injection.
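The signatures listed above can be reproduced as simple rules over a process's behavioral events, and the extracted C2 URL can be parsed into its bot ID and token for indicator handling. The following is an added example written for this page, not the sandbox's own signature code. The event records, the registry paths for Outlook profiles, the set of IP-echo hosts, and the hollowing API names are assumptions chosen to illustrate the rules; only the Telegram URL is taken from the report.

```python
"""Toy re-implementation of the sandbox signatures shown in the report.

Added example, not the sandbox's code. Event data below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Event:
    kind: str    # "reg_query", "reg_set", "http" or "api"
    pid: int
    value: str   # registry path, URL or API function name


# Telegram Bot API endpoint: https://api.telegram.org/bot<bot_id>:<token>/<method>
TELEGRAM_BOT_RE = re.compile(r"https?://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)")
# Persistence: ...\Microsoft\Windows\CurrentVersion\Run or RunOnce (HKCU or HKLM)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# "Checks computer location settings": GeoID / country name configured for the user
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\(?:Nation|Name)$", re.I)
# "Accesses Microsoft Outlook profiles": account settings under Outlook\Profiles (assumed path form)
OUTLOOK_RE = re.compile(r"\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles\\", re.I)
# Assumed list of legitimate IP-echo services; the report does not name the one used
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com"}
# Thread-context APIs used by process hollowing (assumed names for this example)
HOLLOWING_APIS = {"SetThreadContext", "NtSetContextThread"}


def host_of(url: str) -> str:
    """Return the lowercase host part of an http(s) URL, or '' if it has none."""
    m = re.match(r"https?://([^/:]+)", url)
    return m.group(1).lower() if m else ""


def extract_telegram_config(url: str) -> Optional[Tuple[str, str]]:
    """Split a Telegram Bot API C2 URL into (bot_id, token); None if not one."""
    m = TELEGRAM_BOT_RE.match(url)
    return (m.group(1), m.group(2)) if m else None


def defang_telegram(url: str) -> Optional[str]:
    """Indicator-safe form of the C2: host defanged, token redacted, bot ID kept."""
    cfg = extract_telegram_config(url)
    if cfg is None:
        return None
    return f"hxxps://api[.]telegram[.]org/bot{cfg[0]}:<redacted>/"


def run_signatures(events: List[Event]) -> Dict[str, List[str]]:
    """Map each triggered signature name to the event details that fired it."""
    hits: Dict[str, List[str]] = {}

    def add(name: str, detail: str) -> None:
        hits.setdefault(name, []).append(detail)

    for ev in events:
        if ev.kind == "reg_query" and GEO_KEY_RE.search(ev.value):
            add("Checks computer location settings", ev.value)
        elif ev.kind == "reg_query" and OUTLOOK_RE.search(ev.value):
            add("Accesses Microsoft Outlook profiles", ev.value)
        elif ev.kind == "reg_set" and RUN_KEY_RE.search(ev.value):
            add("Adds Run key to start application", ev.value)
        elif ev.kind == "http":
            cfg = extract_telegram_config(ev.value)
            if cfg is not None:
                add("Exfiltrates via Telegram Bot API", f"bot id {cfg[0]} (token redacted)")
            elif host_of(ev.value) in IP_LOOKUP_HOSTS:
                add("Looks up external IP address via web service", host_of(ev.value))
        elif ev.kind == "api" and ev.value in HOLLOWING_APIS:
            add("Suspicious use of SetThreadContext", ev.value)
    return hits


# Constructed event stream standing in for one sandbox run of the sample.
SAMPLE_EVENTS: List[Event] = [
    Event("reg_query", 1234, r"HKCU\Control Panel\International\Locale"),   # benign, no hit
    Event("reg_query", 1234, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("reg_query", 1234, r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"),
    Event("reg_set", 1234, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Payment copy"),
    Event("http", 1234, "http://api.ipify.org/"),
    Event("api", 1234, "SetThreadContext"),
    Event("http", 1234, "https://api.telegram.org/bot5453942321:AAF6CS9julQ6K7s5pxacNALwWJ2A52D0EC4/sendDocument"),
]


if __name__ == "__main__":
    for name, details in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {details}")
    print(defang_telegram(SAMPLE_EVENTS[-1].value))
```

The rules are deliberately narrow: a registry read of Geo\Nation or a single SetThreadContext call is common in benign software, so in practice these fire as low-weight indicators and the verdict comes from the combination (geofence check, Outlook credential access, Run-key persistence, and exfiltration over the Telegram Bot API in one process), which is the pattern the report shows.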