General
-
Target
Commande nr220489 E833080.exe
-
Size
182KB
-
Sample
230330-mrn6zsdg4w
-
MD5
424d1c81092c76ac4c60ed4e2af71729
-
SHA1
dff8164676c93499d9117b8c99d59f563dc603dd
-
SHA256
cb1a95879bdec08e04762f3180ab28040288232230c0a10dfd9a9344e0fa21cb
-
SHA512
a63edebd3716d66a1959b924d2c5b00e3e5b0897325bae2923e99568a3a66e3bcc837d8aaf48c7014cf4c0ab4974fae805a65ad98b01fd39dc2bb0c4a708daf0
-
SSDEEP
3072:38MzDbnCWsIhhNzz05DDxz7k7K4adcywN/ivkMK0jTJj8xyIL32C0gAm6:MieObz83xPkerEat3jdjcyILGI
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6120421924:AAHfDg3lTzDUW4O1CSc9eyT6zf8UpaOZqyY/
Targets
-
-
Target
Commande nr220489 E833080.exe
-
Size
182KB
-
MD5
424d1c81092c76ac4c60ed4e2af71729
-
SHA1
dff8164676c93499d9117b8c99d59f563dc603dd
-
SHA256
cb1a95879bdec08e04762f3180ab28040288232230c0a10dfd9a9344e0fa21cb
-
SHA512
a63edebd3716d66a1959b924d2c5b00e3e5b0897325bae2923e99568a3a66e3bcc837d8aaf48c7014cf4c0ab4974fae805a65ad98b01fd39dc2bb0c4a708daf0
-
SSDEEP
3072:38MzDbnCWsIhhNzz05DDxz7k7K4adcywN/ivkMK0jTJj8xyIL32C0gAm6:MieObz83xPkerEat3jdjcyILGI
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-