General
- Target: tmp
- Size: 294KB
- Sample: 230313-1xfcxsec5w
- MD5: 2ff3c88cc079f50ba0000d386f8f208f
- SHA1: 3c8e9271e6eae83788c36874ec7e15c780bc6a77
- SHA256: 4b3b2e33768b07e48c7b2a32ec2e0f0fcd94b2062170b975f5324d77d28105a2
- SHA512: ab1cffe6c627fdc4ed363de3d7219dffc77e374832e54fc27800fcf62799d4ea3e05e4ed482f1d268747edd43434ad1bf17e5a7f8d21187dd4e00ec1cfa28347
- SSDEEP: 6144:/Ya6RYWU4NPB0erIvWmDVUzlB6TANcHDveE1uj0DHfqXG:/Yz1zNierIeUVq6YcHxckfqXG
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: tmp.exe, resource: win7-20230220-en)
- Behavioral task: behavioral2 (sample: tmp.exe, resource: win10v2004-20230220-en)
Malware Config
- Extracted family: agenttesla
- C2 (Telegram Bot API): https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/
Targets
- Target: tmp (same size and hashes as listed under General above)
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext