General
Target: 67f89696750e4be4cb113d5dff88da5b7b803df94f6ad6fcfd3520af26eb9e61.exe
Size: 819KB
Sample: 221206-pwrtsacf3s
MD5: c0e228b66abae5f9cb6dfbf2cea0acd8
SHA1: 47e916c0ae80177dfd9bfa697f45344f42108963
SHA256: 67f89696750e4be4cb113d5dff88da5b7b803df94f6ad6fcfd3520af26eb9e61
SHA512: 6c7bda94a0f0b41223ada89ae9c2bb584feef05294d20e74864edde843cb2efddb87684ca3a8d8a72f5924441ee31a7e201fdb1234950cdd63b417234305cfd5
SSDEEP: 6144:OXQxSka4ihChxppWtvG8KSx2f3E3Y9tQ3XgPQB2cpMF:OXQxBbihChxppW63E3Y9tQ3XgPm2cpM
Static task: static1
Behavioral task: behavioral1
Sample: 67f89696750e4be4cb113d5dff88da5b7b803df94f6ad6fcfd3520af26eb9e61.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 67f89696750e4be4cb113d5dff88da5b7b803df94f6ad6fcfd3520af26eb9e61.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5970985875:AAGxcS7riy4ZlEmFj2Z031AsUoRvment2iI/
Targets
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext