General
-
Target
1db66e82aa1e429f5734eda8cf9fd108f2cd5276e5a4da7336f746949b66a93b
-
Size
890KB
-
Sample
221206-hfvgeafg3v
-
MD5
069d48402eaa1d06fe82a353bb7b4d6a
-
SHA1
7c00242195fff2110fc02b59c829604d140809ff
-
SHA256
1db66e82aa1e429f5734eda8cf9fd108f2cd5276e5a4da7336f746949b66a93b
-
SHA512
d1fc86fd39d67ebb9ce9456e26b6160c919aa3c6404e57c2ad828c658fc9f48e3361c9ecb60e10d3a9f437e42cbce3160885ae6d93945585a89393204982b5fd
-
SSDEEP
12288:2fEWcBe2fFc1zfL9vn/KH98RicO/SI5TGvgms7h3hJ4qDM1V0q0wL4O9:2EvBffFcJ9/yH98XehGY1JI1V0qE
Static task
static1
Behavioral task
behavioral1
Sample
1db66e82aa1e429f5734eda8cf9fd108f2cd5276e5a4da7336f746949b66a93b.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1db66e82aa1e429f5734eda8cf9fd108f2cd5276e5a4da7336f746949b66a93b.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
http://141.98.6.75/500/inc/9bce52518beca5.php
Targets
-
-
Target
1db66e82aa1e429f5734eda8cf9fd108f2cd5276e5a4da7336f746949b66a93b
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, written in Visual Basic .NET.
-
Accesses Microsoft Outlook profiles (reads stored mail account settings and credentials from the Outlook profile registry keys)
-
Adds Run key to start application (persistence through a CurrentVersion\Run autostart entry)
-
Suspicious use of SetThreadContext (rewrites another thread's context, the pattern seen in process hollowing and other code injection)
-
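The report's extracted config (the panel URL under Malware Config) and the "Adds Run key" signature are the two pieces a responder turns into checks first. The following is an added example, not part of the sandbox report and not Agent Tesla's own code: it verifies a retrieved file against the report's hashes, splits the C2 URL into matchable indicators, and runs them over constructed proxy-log lines and constructed registry-write events. The log format and the event field names ("image", "target_object") are assumptions for illustration, not a real product's schema.

```python
"""IOC and signature checks built from the fields of this report.

Added example: not part of the sandbox report and not Agent Tesla's own code.
The C2 URL and hashes are copied from the report; the proxy log lines and
registry events below are constructed, and the event field names ("image",
"target_object") are assumptions rather than a real log schema.
"""
import hashlib
from urllib.parse import urlsplit

# Copied verbatim from the report's "Malware Config" and hash fields.
C2_URL = "http://141.98.6.75/500/inc/9bce52518beca5.php"
REPORT_HASHES = {
    "md5": "069d48402eaa1d06fe82a353bb7b4d6a",
    "sha1": "7c00242195fff2110fc02b59c829604d140809ff",
    "sha256": "1db66e82aa1e429f5734eda8cf9fd108f2cd5276e5a4da7336f746949b66a93b",
}

# Autostart locations behind the "Adds Run key" signature (HKCU or HKLM).
RUN_KEY_FRAGMENTS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


def hash_mismatches(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Names of algorithms whose digest of `data` differs from the report.

    Run this on a retrieved file before detonating it, to be sure it is
    the sample the report describes and not a different build.
    """
    return [
        algo for algo, hexdigest in expected.items()
        if hashlib.new(algo, data).hexdigest() != hexdigest.lower()
    ]


def c2_indicators(url: str = C2_URL) -> dict:
    """Split the extracted panel URL into host, port and path for matching."""
    parts = urlsplit(url)
    return {"host": parts.hostname, "port": parts.port or 80, "path": parts.path}


def match_proxy_log(lines, url: str = C2_URL) -> list:
    """Return log lines that reach the C2 host, or the panel path on any host.

    Matching the path as well catches the same panel re-hosted on a new IP.
    """
    ioc = c2_indicators(url)
    return [line for line in lines if ioc["host"] in line or ioc["path"] in line]


def run_key_events(events) -> list:
    """Return registry-write events whose target sits under a Run/RunOnce key."""
    hits = []
    for ev in events:
        target = ev["target_object"].lower()
        if any(frag in target for frag in RUN_KEY_FRAGMENTS):
            hits.append(ev)
    return hits


# Constructed sample input; these are not captures from the report's detonation.
PROXY_LOG = [
    "2022-12-06T10:01:12Z 10.0.0.15 POST http://141.98.6.75/500/inc/9bce52518beca5.php 200",
    "2022-12-06T10:01:14Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2022-12-06T10:02:30Z 10.0.0.22 POST http://141.98.6.75/500/inc/9bce52518beca5.php 200",
]
REG_EVENTS = [
    {"image": "C:\\Users\\user\\AppData\\Roaming\\updater.exe",
     "target_object": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"},
    {"image": "C:\\Windows\\explorer.exe",
     "target_object": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"},
]

if __name__ == "__main__":
    print("C2 indicators:", c2_indicators())
    print("Proxy hits:", len(match_proxy_log(PROXY_LOG)))
    print("Run key writes by:", [e["image"] for e in run_key_events(REG_EVENTS)])
    print("Hash mismatches for empty data:", hash_mismatches(b""))
```

Matching on the panel path as well as the IP is deliberate: Agent Tesla panels are cheap to move between hosts, and the path component tends to survive a re-hosting longer than the address does. The hash check uses all three report digests so that a file that collides on MD5 alone is still rejected.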