General
- Target: GIB.exe
- Size: 455KB
- Sample: 230328-qttq2abc65
- MD5: e47210accd809054f50bb4f1c765004e
- SHA1: a37d125ebe7641fd00addf211083cafe08335f06
- SHA256: 43d66102096b171d791582ce4ad7881c68946594a91fa9c4931e9fae6b70e806
- SHA512: 78a402c688b230fb5fdcdb41de13d5e4b4712be0bc55b71d2275cb6072c0734a3aef172d72088ade88d308b6337c1b928ebea5cfe8079b43dcb0e45775fc0252
- SSDEEP: 12288:ZjXTfWDjZOeitDtLlP547QTbIbjGV3u3Cj3YE2:J7WfZOfllIbjIeScD
Static task: static1
Behavioral task: behavioral1
- Sample: GIB.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: GIB.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: agenttesla
- https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/
Targets
- Target: GIB.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext