General
-
Target
SOA US$109,907.exe
-
Size
952KB
-
Sample
221204-mfdacaad77
-
MD5
a08dcd776ba1f20e041fc4bdeabc28f2
-
SHA1
645e8cda5d793de5181f8585290588f0b5335879
-
SHA256
19505f6bdcb079c656821792ee63096814b5d567a68eea1c1192edc7a1925279
-
SHA512
b5aabf447a279da46fcc06f663c02657162275fe730e1b3f111bef10ea1e0b22d20e476a9296b176ffa61920d4d38b2d71a1c86d8fb381e29b8096a49e43d735
-
SSDEEP
24576:khMnTV1PBPq3ILjQyvtCw4RxeuhgXTWSCsXXt1NkB:kmTV1PBPq4LjQQF+B
Static task
static1
Behavioral task
behavioral1
Sample
SOA US$109,907.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SOA US$109,907.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/
Targets
-
-
Target
SOA US$109,907.exe
-
Size
952KB
-
MD5
a08dcd776ba1f20e041fc4bdeabc28f2
-
SHA1
645e8cda5d793de5181f8585290588f0b5335879
-
SHA256
19505f6bdcb079c656821792ee63096814b5d567a68eea1c1192edc7a1925279
-
SHA512
b5aabf447a279da46fcc06f663c02657162275fe730e1b3f111bef10ea1e0b22d20e476a9296b176ffa61920d4d38b2d71a1c86d8fb381e29b8096a49e43d735
-
SSDEEP
24576:khMnTV1PBPq3ILjQyvtCw4RxeuhgXTWSCsXXt1NkB:kmTV1PBPq4LjQQF+B
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-