General
Target: tmpbodc5ql2
Size: 792KB
Sample: 230327-tfmbkseb74
MD5: 5d011c12ed97239fabd4ef522052f177
SHA1: 97e5dcc197038fe5d365debff4f58e11c8d2626a
SHA256: a104e9ce898c2cd4c26942e2d66f25639ec940643e18007a636fc14800da19e7
SHA512: 0c16b110eb93e47165e570428d0351b231d48e139c585d63f903c967c0222f1582fbec9d443451f31b87a2bd40ef37ca7a67877199c9b594fa75ea965ecba469
SSDEEP: 24576:JA5kq7VP+jUW2BybxpPXQqabxB4bnUUtJPOeAD:i5DdByN9HaXUtJPOJ
Static task: static1
Behavioral task: behavioral1
  Sample: tmpbodc5ql2.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: tmpbodc5ql2.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6127975868:AAHe9_HdeyVjj_GUNUbUWkUihJckzlPKmEc/
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext