General
Target: aad777a2d2f4c889859ca2fbdc9d2bc782cf989c31d95be12abda966f4cbaf19.exe
Size: 658KB
Sample: 230330-reet1aed6x
MD5: 7b24c2a7b3c1ec900ed0a845a38e123d
SHA1: a89235fac848e250412b1a965e2ecf572ad52fd4
SHA256: aad777a2d2f4c889859ca2fbdc9d2bc782cf989c31d95be12abda966f4cbaf19
SHA512: da610742b1ad6ea895436c6768e50dce830d3267c6b215ed882362ad7b39834a8daefc33fa5d407e8d04d7fb3ab136ad74ec9f9028a7f3fee405e9dd4ae0d20f
SSDEEP: 12288:NvB3nmQRN7MPR0jPbomnUI55apZ6OLCUqYj9MhwmpHSzZ8ofCimOMt+:Np3nmQ7CIomnUI55wZPCUqYjuwWy98G8
Static task: static1
Behavioral task: behavioral1
  Sample: aad777a2d2f4c889859ca2fbdc9d2bc782cf989c31d95be12abda966f4cbaf19.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: aad777a2d2f4c889859ca2fbdc9d2bc782cf989c31d95be12abda966f4cbaf19.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6045247615:AAHhJ3cfSHaXw3ZVFV0QJWaTMcgPU9OMGvM/
Targets
Target: aad777a2d2f4c889859ca2fbdc9d2bc782cf989c31d95be12abda966f4cbaf19.exe
Size: 658KB
MD5: 7b24c2a7b3c1ec900ed0a845a38e123d
SHA1: a89235fac848e250412b1a965e2ecf572ad52fd4
SHA256: aad777a2d2f4c889859ca2fbdc9d2bc782cf989c31d95be12abda966f4cbaf19
SHA512: da610742b1ad6ea895436c6768e50dce830d3267c6b215ed882362ad7b39834a8daefc33fa5d407e8d04d7fb3ab136ad74ec9f9028a7f3fee405e9dd4ae0d20f
SSDEEP: 12288:NvB3nmQRN7MPR0jPbomnUI55apZ6OLCUqYj9MhwmpHSzZ8ofCimOMt+:Np3nmQ7CIomnUI55wZPCUqYjuwWy98G8
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.