General
-
Target
4b63526b77bef99ddab0ed2fef6abed0ebe1044dbc769f088b43cfc1ae16186a.exe
-
Size
842KB
-
Sample
221208-psb9xsaa29
-
MD5
aed13f7e6f155ae35794771ce853b479
-
SHA1
b1a99318db4113d5c954b2318fd057bac88b0b76
-
SHA256
4b63526b77bef99ddab0ed2fef6abed0ebe1044dbc769f088b43cfc1ae16186a
-
SHA512
4138b0bf92485d697a9415ecc6fd7d1020fadf6dd5bf2efaacf6101d26125ca4db55b79a5d11cda9c3f08dc3eba7f7c5267c3fa986f2483cdf71d61d1b08b536
-
SSDEEP
24576:Cr18+L74mBfNUstzox3r8JNFIThMAYiuygbDGm8LU:CrCIix3Towo
Static task
static1
Behavioral task
behavioral1
Sample
4b63526b77bef99ddab0ed2fef6abed0ebe1044dbc769f088b43cfc1ae16186a.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
4b63526b77bef99ddab0ed2fef6abed0ebe1044dbc769f088b43cfc1ae16186a.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5476328609:AAGdqIkYvW9rAMdHDWP-Prv8P3MRMPpndw0/
Targets
-
-
Target
4b63526b77bef99ddab0ed2fef6abed0ebe1044dbc769f088b43cfc1ae16186a.exe
-
Size
842KB
-
MD5
aed13f7e6f155ae35794771ce853b479
-
SHA1
b1a99318db4113d5c954b2318fd057bac88b0b76
-
SHA256
4b63526b77bef99ddab0ed2fef6abed0ebe1044dbc769f088b43cfc1ae16186a
-
SHA512
4138b0bf92485d697a9415ecc6fd7d1020fadf6dd5bf2efaacf6101d26125ca4db55b79a5d11cda9c3f08dc3eba7f7c5267c3fa986f2483cdf71d61d1b08b536
-
SSDEEP
24576:Cr18+L74mBfNUstzox3r8JNFIThMAYiuygbDGm8LU:CrCIix3Towo
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-