General

Target: z1RES_AGB_eroFame_EN_2023.exe
Size: 791KB
Sample: 230327-pwrh1sfe4x
MD5: bb692c2529d69ab4e893ca2e30b0d8eb
SHA1: 134d722d3d2d64dceb2511ffd65fa65836b7774d
SHA256: d9291d64e26f7adb615e269cac4577c1fdd30c2f4f82868d97ff9d1bca4cdb73
SHA512: 0ad2bd8878fabb5f6e30b3500ea0923aeeba472b968a546e8ac5bbe704db4584cc74d0fbde7a1223aa5e22e226d0d8a7603356960018118e3581c6bf6db99554
SSDEEP: 12288:vA5xB0OH2J3RcMrPj8gPGr0MdUH38NbC/UkMxFEXkNidD3LLigLJwsuHJhZ:vA5rcFRcMv8mIr6Yp7DsriMysupD
Static task: static1

Behavioral task: behavioral1
Sample: z1RES_AGB_eroFame_EN_2023.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: z1RES_AGB_eroFame_EN_2023.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted family: agenttesla
Exfiltration endpoint (Telegram bot API URL taken from the extracted config; the bot ID and token in the path are the indicator to hunt for): https://api.telegram.org/bot6126200999:AAGl6SGptu7yDfEtkr6O0gjkZAOexeUyH6E/
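Added example, not part of the Triage report or of the sample's own code: it turns the extracted Telegram endpoint above into hunting logic by parsing the bot ID and token out of the URL, scanning proxy-style log lines for Telegram bot API calls (ranking a hit on the extracted token above a generic exfil-capable method call), and checking a file's bytes against the report's hashes before detonation. The bot API URL and the three hashes are the only values taken from the report; the log format, the log lines, the second bot token and the list of exfil-capable methods are constructed assumptions for this example.

```python
"""Added example (not part of the Triage report or the malware itself):
turn the extracted AgentTesla Telegram endpoint into hunting logic.

The bot API URL and the sample hashes are the only values taken from
the report; the proxy log format and log lines are constructed."""
import hashlib
import re
from urllib.parse import urlsplit

EXTRACTED_C2 = (
    "https://api.telegram.org/bot6126200999:AAGl6SGptu7yDfEtkr6O0gjkZAOexeUyH6E/"
)

# Hashes of the sample, copied from the report's General section.
REPORT_HASHES = {
    "md5": "bb692c2529d69ab4e893ca2e30b0d8eb",
    "sha1": "134d722d3d2d64dceb2511ffd65fa65836b7774d",
    "sha256": "d9291d64e26f7adb615e269cac4577c1fdd30c2f4f82868d97ff9d1bca4cdb73",
}

# Telegram bot API paths look like /bot<bot_id>:<token>/<method>
BOT_PATH_RE = re.compile(
    r"/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)(?:/(?P<method>\w+))?"
)

# Bot methods a stealer would use to push data out (assumption: a short
# triage list; extend it for your environment).
EXFIL_METHODS = {"senddocument", "sendmessage", "sendphoto"}

# Constructed proxy log format: "<ts> <host> <user> <verb> <url>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<verb>[A-Z]+) (?P<url>\S+)"
)


def parse_bot_endpoint(url):
    """Return (bot_id, token, api_method) for a Telegram bot API URL, or
    None if the URL is not a bot API call. api_method is None when the
    URL ends at the token, as the extracted config URL does."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "api.telegram.org":
        return None
    m = BOT_PATH_RE.search(parts.path)
    if not m:
        return None
    return m.group("bot_id"), m.group("token"), m.group("method")


def scan_proxy_logs(lines, known_tokens=frozenset()):
    """Flag every Telegram bot API request in the log lines.

    severity: 'high'   - token matches an extracted-config IOC
              'medium' - exfil-capable bot method, unknown token
              'low'    - other bot API traffic
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip it
        hit = parse_bot_endpoint(m.group("url"))
        if hit is None:
            continue
        bot_id, token, api_method = hit
        if token in known_tokens:
            severity = "high"
        elif api_method and api_method.lower() in EXFIL_METHODS:
            severity = "medium"
        else:
            severity = "low"
        findings.append({
            "ts": m.group("ts"), "host": m.group("host"), "user": m.group("user"),
            "bot_id": bot_id, "api_method": api_method, "severity": severity,
        })
    return findings


def matches_report_sample(data):
    """Compare a file's bytes against the report's hashes. All three
    should agree; a partial match means one hash was copied wrongly."""
    computed = {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}
    return {name: computed[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


# Constructed log lines: the first reuses the extracted C2 URL, the third
# and fourth use a made-up bot so the lower tiers are exercised.
SAMPLE_LOGS = [
    "2023-03-27T14:02:11Z ws-017 jdoe POST https://api.telegram.org/bot6126200999:AAGl6SGptu7yDfEtkr6O0gjkZAOexeUyH6E/sendDocument",
    "2023-03-27T14:02:12Z ws-017 jdoe GET https://www.example.com/",
    "2023-03-27T14:05:40Z ws-042 asmith POST https://api.telegram.org/bot1234567890:ConstructedTokenForExample/sendMessage",
    "2023-03-27T14:06:02Z ws-042 asmith GET https://api.telegram.org/bot1234567890:ConstructedTokenForExample/getMe",
    "not a log line",
]

IOC_TOKENS = frozenset({parse_bot_endpoint(EXTRACTED_C2)[1]})

if __name__ == "__main__":
    for f in scan_proxy_logs(SAMPLE_LOGS, IOC_TOKENS):
        print(f["severity"], f["ts"], f["host"], f["user"], f["bot_id"], f["api_method"])
    print(matches_report_sample(b"not the sample"))
```

Matching on the token rather than on the whole URL matters because the same bot can be driven through any method path, and matching on the bot API host alone is too noisy wherever Telegram bots are used legitimately; the medium tier is the compromise for unknown tokens.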
Targets

Target: z1RES_AGB_eroFame_EN_2023.exe
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; early builds were written in Visual Basic .NET.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check so the sample behaves differently depending on the victim's region.

Accesses Microsoft Outlook profiles
Reads stored Outlook profile data; saved mail client credentials are a standard Agent Tesla theft target.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address, which the stealer includes in its exfiltrated reports.

Suspicious use of SetThreadContext
Rewriting another thread's context is a common indicator of process hollowing or thread-hijacking injection, which is the usual way an Agent Tesla loader hands off to its payload.