General
Target: 3.zip
Size: 991KB
Sample: 230331-qtx4fsba71
MD5: 5ced90e370f8c7214ba3caf5110849dc
SHA1: 5e0359a18972c13f13c41b4fcfa40c27cb63ce54
SHA256: f77a389fbc2335a548776f68c73746c077e4ee29532b14bb2906a422178604da
SHA512: fd23347b813680585f3c10103f45383b66500cb619d9e7951c02b4f3e0bddadd6b4ea7e70b23ecce6cdc41c695aa1a0a6392a77f24885e76122560d0ce53da11
SSDEEP: 24576:chIVGnseePJp3jr0A7bxRm9+e7P71q0YiQ+hRW9fe35gBAu:W+GnRe3jQSbxR/STw0YiQAmbAu

Static task: static1
Behavioral task: behavioral1
Sample: Quotation 911799 - EM092723.bat
Resource: win7-20230220-en

Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5663632223:AAG5KHZDs7KWoaqTYx3lSyFlOdfD9vGegQo/

Targets
Target: Quotation 911799 - EM092723.bat
Size: 1.3MB
MD5: 9f8f23997c4e07be88d8dbe835c8b6ed
SHA1: 9f40b97b7e1605b05174a6547b9ff470511d5a1f
SHA256: a354101aa8c8db6f2b337ebc68571edd296d374ad8a99f79fd62d2c07321993e
SHA512: 5c0660381331a47163f7cd4e1e87c156966dd8c068d852073429523d29e92c934f3de381a7bd8e6cf1efaf94b21864c91c620b850e93c2399ccef476d8228586
SSDEEP: 24576:VXdQ7L0Et7plPQaneOkwJzHqOoLokXb184bQM9w5WpFapcq+14kEKaQ8wV9GtnR:KznmW1VH9w2S4QPGr
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Suspicious use of SetThreadContext