General
-
Target
832d243861035e21f268e5dd0ef03dc289a9448aca36cdae4449bbc7cb30d0da.exe
-
Size
669KB
-
Sample
221206-prrcfshc68
-
MD5
9ae305b0f8e1766b18dfeeb71a4448fe
-
SHA1
6c90cfad19dec005363307cf428c1e71cc95aec7
-
SHA256
832d243861035e21f268e5dd0ef03dc289a9448aca36cdae4449bbc7cb30d0da
-
SHA512
4753c3bac1ba3cbef479894fcb21e65170aa68f3c4b2291421ad12b06c078088bbb958a4db48dadb851bbe1f296c0b185a74775289b1c0b39cfc03c00f789bda
-
SSDEEP
12288:S5cMpbKbfSdZ8j6c0auzbQrRBc54wqArINxw3Qi+:SqKbKCZ8jUaAMRBc54zAErw3Q
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1360033246:AAF6H8m6YrL09doyxtsvJzZ_cIl__BCF4aU/sendDocument
Targets
-
-
Target
832d243861035e21f268e5dd0ef03dc289a9448aca36cdae4449bbc7cb30d0da.exe
-
Size
669KB
-
MD5
9ae305b0f8e1766b18dfeeb71a4448fe
-
SHA1
6c90cfad19dec005363307cf428c1e71cc95aec7
-
SHA256
832d243861035e21f268e5dd0ef03dc289a9448aca36cdae4449bbc7cb30d0da
-
SHA512
4753c3bac1ba3cbef479894fcb21e65170aa68f3c4b2291421ad12b06c078088bbb958a4db48dadb851bbe1f296c0b185a74775289b1c0b39cfc03c00f789bda
-
SSDEEP
12288:S5cMpbKbfSdZ8j6c0auzbQrRBc54wqArINxw3Qi+:SqKbKCZ8jUaAMRBc54zAErw3Q
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-