General
-
Target
9196273424391332296b033958a8271b9937e8688e3a3c36bd04d5dd62f164cc.exe
-
Size
729KB
-
Sample
221208-naagyacg5s
-
MD5
87458cb86833d07252ebb09ce2704110
-
SHA1
49327866d96179f67facbf3e542e5ca94f57bdfd
-
SHA256
9196273424391332296b033958a8271b9937e8688e3a3c36bd04d5dd62f164cc
-
SHA512
5e040e8b0f70c552512da26002c38601671d758713e9a84d81a4af33e91ea5dda2b2f16792355622f24f619c8c4b1b26e8e94656f7e7d98858f8c70216126aca
-
SSDEEP
12288:Dtgh/PsZ1DX/VDJVJDtEfUbtbAKhT/P1dcL3Dc/E2WgMe:Dtgh/PWJ6Ubtb7hTTKDc5WgMe
Static task
static1
Behavioral task
behavioral1
Sample
9196273424391332296b033958a8271b9937e8688e3a3c36bd04d5dd62f164cc.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
9196273424391332296b033958a8271b9937e8688e3a3c36bd04d5dd62f164cc.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5088709131:AAFHCIxHU907RAI3XEaH2G6LgE9wrdrAgI0/sendDocument
Targets
-
-
Target
9196273424391332296b033958a8271b9937e8688e3a3c36bd04d5dd62f164cc.exe
-
Size
729KB
-
MD5
87458cb86833d07252ebb09ce2704110
-
SHA1
49327866d96179f67facbf3e542e5ca94f57bdfd
-
SHA256
9196273424391332296b033958a8271b9937e8688e3a3c36bd04d5dd62f164cc
-
SHA512
5e040e8b0f70c552512da26002c38601671d758713e9a84d81a4af33e91ea5dda2b2f16792355622f24f619c8c4b1b26e8e94656f7e7d98858f8c70216126aca
-
SSDEEP
12288:Dtgh/PsZ1DX/VDJVJDtEfUbtbAKhT/P1dcL3Dc/E2WgMe:Dtgh/PWJ6Ubtb7hTTKDc5WgMe
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Suspicious use of SetThreadContext
-