General

Target: ET818xlsx.exe
Size: 792KB
Sample: 230327-z7c5wafc85
MD5: 22544043f85b9854e9dc204d3c6ad576
SHA1: c57adb0975a16b0adcf8e2a29728f343a7177099
SHA256: 7967818a2f7372fe44eec025ff0fbba1d964a5fb20ac0c2f3d17dbaf1359cc29
SHA512: 86468823853af25ae653f477eb3f6545aad47576b3fd02fd87a7cc0e38fc2225b0e5f3f7b9a0b9d956d3afb23b323db4ec46f950fc9530a6eaf1cb4fb9e40863
SSDEEP: 12288:6f14CfyiII23mqIEtRwjZZCBSCptRdcqgx:dit2JIELKCBVp/dcqg

Tasks

Static task: static1
Behavioral task: behavioral1 (sample: ET818xlsx.exe; resource: win7-20230220-en)
Behavioral task: behavioral2 (sample: ET818xlsx.exe; resource: win10v2004-20230221-en)

Malware Config

Extracted family: agenttesla
C2: https://api.telegram.org/bot6220647510:AAEXVL33hXP6OuuOG0utJ28707kS7BmjFfY/

Targets

Target: ET818xlsx.exe (792KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.