General
Target: 1340-62-0x0000000004D20000-0x0000000004D5C000-memory.dmp
Size: 240KB
Sample: 221208-d4t4bsbh5y
MD5: a894105f66af80d60c0701241d69d68b
SHA1: 4c9063e72fa6f9b9e118abb7bb7adc6285834c0a
SHA256: ad8fb6ff98db58cac579c001a5cadb844fcc02cfbfbd6b96b9afdcdb4793f009
SHA512: 5874e70958f1693e6ed52b70a9301ef75a4646ca03e1de9a099007a253cc3d0c355b1606e1084e8f491172fa6a9f812fee119e6a5f66215b2582f8cbb68c0d49
SSDEEP: 6144:FK1mlrCVu7+HAtU2ZTy+5h05uWi7V8hSr44z:Smlmu6HAnfbV8Ez
Behavioral task: behavioral1
Sample: 1340-62-0x0000000004D20000-0x0000000004D5C000-memory.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 1340-62-0x0000000004D20000-0x0000000004D5C000-memory.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: agenttesla
Extracted URL: https://api.telegram.org/bot5785178474:AAHMax-4L3BCI7oKxZotKaB9eFbj8UiUu1U/
Targets
Target: 1340-62-0x0000000004D20000-0x0000000004D5C000-memory.dmp
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.