General
Target: 7c69c8b13870df342b88a74c4593de7cdafd313516a613e6d2c358654989b197.exe
Size: 655KB
Sample: 230330-reeh8sed6v
MD5: a85b55466d5c83a3c9b988e1b098584c
SHA1: df09609a0f86dc2e2970ca8f3df936649aea1a1f
SHA256: 7c69c8b13870df342b88a74c4593de7cdafd313516a613e6d2c358654989b197
SHA512: d2011e7f04cbdce17c6779a0da8df55996235f4b526d316eb93cda2ec456e61cca1edb2b0cf9753ef698bbc85cf0271535b7e5be95fcfb23d3156589c5b267f1
SSDEEP: 12288:c7imOMt+1ZayM10SR9kO9evMVDg9y4mEzKrLg08kNRzg:c7imXqZayM10SBCMxg9y4mIILg08k
Static task: static1
Behavioral task: behavioral1
  Sample: 7c69c8b13870df342b88a74c4593de7cdafd313516a613e6d2c358654989b197.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 7c69c8b13870df342b88a74c4593de7cdafd313516a613e6d2c358654989b197.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5425216647:AAGbQiGXp5vgyVQu7hfyzrdaFXxZvpgWjrE/
Targets
Target: 7c69c8b13870df342b88a74c4593de7cdafd313516a613e6d2c358654989b197.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext