General
Target: ab6fafebd036ab9738f9dda1658aaa02
Size: 897KB
Sample: 221208-bajpdsbf3z
MD5: ab6fafebd036ab9738f9dda1658aaa02
SHA1: 273bc1323249392e09ea541acb8dd9a544f03b02
SHA256: 1dc4c70d1b563bd1fcf3dd52a9e25206f1573ed15791f52b59dcab1a13821b98
SHA512: 7c411cebbd51a6e8bb1a4750347b54fb7ea9eb2337e92f9bd4ae03fc612b019234c78efd98fb84bbd8f29ed9ab7e9f702fab44bbdff1bbed161526328bac4b98
SSDEEP: 12288:2oQgKZ/nXt7virmWhlGLaQYIfc4xXSKIEDrA4kIYUKvfzmFtYBvjsc1drARjDy7u:6c2tRrC3zmDgvjscDUpjsVS
Static task: static1
Behavioral task: behavioral1
  Sample: ab6fafebd036ab9738f9dda1658aaa02.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: ab6fafebd036ab9738f9dda1658aaa02.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted (agenttesla):
https://api.telegram.org/bot5015424630:AAHYFU1sKtYqSORHBErFCWNjJz1TpXKj30w/sendDocument
Targets
Score: 10/10
Signatures:
  AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  AgentTesla payload
  Suspicious use of SetThreadContext