General
Target: payment 9IE0JcEfxjSo9Ro.ace
Size: 794KB
Sample: 230206-r2e4aahf7x
MD5: 8317c07bc4b1c2cd535daa07f68b8ac5
SHA1: f2945e3886a50ba599bbc8f0d9f39db028fad6e7
SHA256: 215a621ed6291058763e9f940f8932a990b12e3d4123f6fd03d17de71955af59
SHA512: 849e819402493d7700023782b3ef54982fec5380b42b302b97544a73509c339cc7f3e4bc72ad00457cde8ca73c8e569edbfd2cf0e279e66565f97e6f2b62645e
SSDEEP: 12288:b3seeB2YYO7JHB9E3uOeK73i8cmW20IkB6gW7nDGg6PFN+sKFCjorK2UADh:b3/T2hS3kKuJlOHwGsKFC0G2UAV
Static task: static1
Behavioral task: behavioral1
  Sample: Invoice 9IE0JcEfxjSo9Ro.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: Invoice 9IE0JcEfxjSo9Ro.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5970985875:AAGxcS7riy4ZlEmFj2Z031AsUoRvment2iI/
Targets
Target: Invoice 9IE0JcEfxjSo9Ro.exe
Size: 826KB
MD5: ba22b464c09c21131ce752576c0d4f7c
SHA1: 2bce1702f9fc83e77eb06fadb28a5d38aaca4566
SHA256: 972c4ac3dd0f09c13e9a35417c3660f80ee5b70f393c0e84cbf7ee589c45923a
SHA512: 1d499b66a28b88fd1599ebd4b1e3d9ed185155f97699aa4f7a64452b882f5fcc0896f7887fd05802a67aebd2b666fb2c9f027d2a8d6c705df50bf09aa6d29e0d
SSDEEP: 12288:lpktPA7cXnyXx6q16ahRZ5GvjWZReRmJk7tfa8mgMbEfoLqOZplWnDMPqZ8tNL1s:AA71NMS5G8kpfRunLqOtQeu8tNL1

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext