General
Target: 14bbd07c46327a8c4aeb412454bca9b2b46f254f63f562012d2d45f02b812766.exe
Size: 656KB
Sample: 230330-red8gaed6s
MD5: 8d02daa7c58763d4400b7f93b97ca5a8
SHA1: 53bf5bbb7546f51ae1c4dcede475253926c02469
SHA256: 14bbd07c46327a8c4aeb412454bca9b2b46f254f63f562012d2d45f02b812766
SHA512: 99270d0f11fa1b30ef4d1b6dfc82262cf66a7cc60ec13e93165f44463a28a7141d619318eb2d307b89dc2483cb3706d7c4364eb19219ebe8c38e8d898d2ff99f
SSDEEP: 12288:J9YUyFQnN1CfJf68CtY4S9xadgqJ2kiQWTuJQi/tYimOMt+b:JOUy2ChC8Cq4SkQRSJQOtYimXS
Static task: static1
Behavioral task: behavioral1
  Sample: 14bbd07c46327a8c4aeb412454bca9b2b46f254f63f562012d2d45f02b812766.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 14bbd07c46327a8c4aeb412454bca9b2b46f254f63f562012d2d45f02b812766.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
  https://api.telegram.org/bot6075739455:AAHe8R-bN_vcaksBj2uJqf7_UPUC6y1cLWs/
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext