General
Target: SOA Feb-March 2023.zip
Size: 991KB
Sample: 230331-jdbrysgh24
MD5: 9a7cce81d0f888c3bd1c4bfce2cc6da9
SHA1: 88ecb6277d19fada8b4e3462f9dd8bffbf1ed0e4
SHA256: 15d502ca6233539987d32fc7a0e633ca437e3e41b0dd579f0fb5746d7076fc86
SHA512: a3fadefc07c587d404267dec0e03395b1f14be3b48b6c793d0b884b25d8f3d2ade6baec37af68f8648e09b457087429d5bb5d9be3b1794b21013418ef018f980
SSDEEP: 24576:0hIVGnseePJp3jr0A7bxRm9+e7P71q0YiQ+hRW9fe35gBA8:u+GnRe3jQSbxR/STw0YiQAmbA8
Static task: static1
Behavioral task: behavioral1
Sample: SOA Feb-March 2023.bat
Resource: win7-20230220-en
Malware Config
Extracted: agenttesla
C2: https://api.telegram.org/bot5663632223:AAG5KHZDs7KWoaqTYx3lSyFlOdfD9vGegQo/
Targets
Target: SOA Feb-March 2023.bat
Size: 1.3MB
MD5: 9f8f23997c4e07be88d8dbe835c8b6ed
SHA1: 9f40b97b7e1605b05174a6547b9ff470511d5a1f
SHA256: a354101aa8c8db6f2b337ebc68571edd296d374ad8a99f79fd62d2c07321993e
SHA512: 5c0660381331a47163f7cd4e1e87c156966dd8c068d852073429523d29e92c934f3de381a7bd8e6cf1efaf94b21864c91c620b850e93c2399ccef476d8228586
SSDEEP: 24576:VXdQ7L0Et7plPQaneOkwJzHqOoLokXb184bQM9w5WpFapcq+14kEKaQ8wV9GtnR:KznmW1VH9w2S4QPGr
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
Executes dropped EXE
Suspicious use of SetThreadContext