General
Target: ff075bd120a01cea7441f17e7ed8b2cdc630c8445d3bf025133dcf190b41f0fe
Size: 1.1MB
Sample: 221206-hf3ssacf24
MD5: 0688e96359a47fdee3188d881fcbd2f0
SHA1: 2f0c978f7b565c599f8d719be657ca5471ef147c
SHA256: ff075bd120a01cea7441f17e7ed8b2cdc630c8445d3bf025133dcf190b41f0fe
SHA512: 172389729c3eb47d8c8a8ff7cdeb82e8f28a5e7412885e8f440adc7f0ef5d58f96c833b24c2118fb38f41f9048fe067ae0ded093753fef0a361ad485bdaeabc0
SSDEEP: 24576:tONz9IVo0TlDTVr6St9SeU8blvxlAStWUo9gjLs:tYz9IVtJDJrjt9S18blzZgUOgjLs
Static task: static1
Behavioral task: behavioral1
  Sample: ff075bd120a01cea7441f17e7ed8b2cdc630c8445d3bf025133dcf190b41f0fe.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: ff075bd120a01cea7441f17e7ed8b2cdc630c8445d3bf025133dcf190b41f0fe.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted (agenttesla): https://api.telegram.org/bot5160627201:AAFqhXgzctTZMSuR7dIpLe50dmHi1xpPyYQ/sendDocument
Targets
Target: ff075bd120a01cea7441f17e7ed8b2cdc630c8445d3bf025133dcf190b41f0fe (size and hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext