General
-
Target
8f3cb78bf3632816a1255f1d71836932.bin
-
Size
299KB
-
Sample
230328-ceernsac4t
-
MD5
bf1d230510e36ed9f8cc6db2186d8fba
-
SHA1
f9ec526e012c48bb35d5f1bfcae2449d97e7efad
-
SHA256
caed372ea04ceaaf3e9615617ec7f06a3470c88b5324ceb6b5e4cdf8425799ec
-
SHA512
b1f506a6c14eb2080afd04e69515a0b4af4aeab9b7326ff14da993245f25f6faafb15f806b2504bd5cc676525258c31ee10388409932b61e0eb912976276c6b0
-
SSDEEP
6144:LXpYRDjEmDkvRq7sBodrtT/iFPiRhKNjXPqpKXdXAg3KSCeHLWQT:NGYXpUTOiRhEi8X5f3bCNQT
Static task
static1
Behavioral task
behavioral1
Sample
9570de55edd0673b943373c62f8933668173897cc3a9a7bd976636fae991b5e1.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
9570de55edd0673b943373c62f8933668173897cc3a9a7bd976636fae991b5e1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6026888647:AAGb0kQIiX-9M6s_XEHToU4XcgyhOmF9JlI/
Targets
-
-
Target
9570de55edd0673b943373c62f8933668173897cc3a9a7bd976636fae991b5e1.bin
-
Size
747KB
-
MD5
8f3cb78bf3632816a1255f1d71836932
-
SHA1
c858c54d86f8b77118cb561dff239a870db0945a
-
SHA256
9570de55edd0673b943373c62f8933668173897cc3a9a7bd976636fae991b5e1
-
SHA512
8b6fe8ef129eda20fd6449a4c67caeff3b0858a2fc246ff230e28b57f03e4fde955faba20b23b20d5802c9506a811624cb6ed45f391ed4f65a3705796287eb2c
-
SSDEEP
12288:sf14CfyiII23mtF2v700UyxUAvB/+QVKdPDgw:Pit2mA75UyxU6B/+QQdPDg
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-