General
Target: 31072022-2.exe
Size: 757KB
Sample: 221208-h7tn7acc3s
MD5: 865ffbbf9721906c2f4802622261d34c
SHA1: 04c04fb395f15820a5b22b6a5d0b377d04d95f98
SHA256: 512041d2cf26aa8cdd11e5c0edd3a5047e887d18204e554875026ae850a49ffe
SHA512: 84077e4b14367d5198b1d43a89963313395569fc3996dde3d04b693aabeccb0ae4dd055f7b51d5111e261ebde5d5188d2cff5dd4b6ed7606afa12ee538805c09
SSDEEP: 12288:8wlhmomPZefBT2BRF0DKTNOJrKvG4R+0/kkUpsixfmAWwPtqvyuP/F:IomxiBT2BRF0CNO0vb+kUp5nnQFXF
Static task: static1
Behavioral task: behavioral1
  Sample: 31072022-2.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 31072022-2.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted family: agenttesla
Extracted C2 (Telegram Bot API endpoint): https://api.telegram.org/bot1611551445:AAFDJ3yQMlB3zXJGib2_TFkq1jedBMj3GTw/sendDocument
Targets
Target: 31072022-2.exe
Size: 757KB
MD5: 865ffbbf9721906c2f4802622261d34c
SHA1: 04c04fb395f15820a5b22b6a5d0b377d04d95f98
SHA256: 512041d2cf26aa8cdd11e5c0edd3a5047e887d18204e554875026ae850a49ffe
SHA512: 84077e4b14367d5198b1d43a89963313395569fc3996dde3d04b693aabeccb0ae4dd055f7b51d5111e261ebde5d5188d2cff5dd4b6ed7606afa12ee538805c09
SSDEEP: 12288:8wlhmomPZefBT2BRF0DKTNOJrKvG4R+0/kkUpsixfmAWwPtqvyuP/F:IomxiBT2BRF0CNO0vb+kUp5nnQFXF

Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla payload
Drops file in Drivers directory
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Adds Run key to start application
Suspicious use of SetThreadContext