General
Target: Data transfer-24032027-9076789.exe
Size: 179KB
Sample: 230328-nm2rysaf86
MD5: 96de4e494cc8dadf4a610b52b0569b3f
SHA1: e9092999e3e1d70b7f6ab3db38bb92388416a58e
SHA256: 5b3abc9e54759936dbc3c305e15d8a66fc73b678b7c3cedff9253197bc5adb62
SHA512: d83e2b6dbe4efa5891fd25a43b0c85a91118d1aacaf9df1378532bde044eb57e6b796ee0f5779b072dfaac6c9b56549ba62a81c7228be6d9e2d9aa2db84d21f6
SSDEEP: 3072:qcw32u7ngLqYf3kg3yrAS9vnK8uXZQIep5ampfnXOra+uXGHo1hjC0gAm6:bjuLo8gWAknduXqZpsmx+r2GHo1hI
Static task: static1
Behavioral task: behavioral1
  Sample: Data transfer-24032027-9076789.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Data transfer-24032027-9076789.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6262492833:AAHaUuoq9QZVEwKEavotonUGxyvo9awYf6U/
Targets
Target: Data transfer-24032027-9076789.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext