General
-
Target
http://https:/www.mediafire.com/file/oj9qxzjy99wklg4/**a.tgz/file
-
Sample
221208-psc68aaa32
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://https:/www.mediafire.com/file/oj9qxzjy99wklg4/**a.tgz/file
Resource
win10v2004-20220901-en
windows10-2004-x64
20 signatures
600 seconds
Malware Config
Extracted
Family
agenttesla
C2
https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/
Targets
-
-
Target
http://https:/www.mediafire.com/file/oj9qxzjy99wklg4/**a.tgz/file
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-