General
Target: 50430be7e76cee93bfb67f638c45db24.bin
Size: 21KB
Sample: 230401-bs5pksgd2y
MD5: 1688ed6e73f80ccc520d5f4978bb5530
SHA1: 88a6dde0c1c5f74bb9b228949564589b04a74925
SHA256: 7cf2e063fab3ff361296d7d48e0fcc6948c1edd11979f2a7731e69dabe90a2b4
SHA512: ab250d8aaa7780a64a63f4b3c9cc3e902348cd676ec63fba2666a9a996243715f34899370e1d0df7448024049612633a370fa354f385703a1c9c7e0879790172
SSDEEP: 384:siCFgVKeaOQbC61aHFhULRanOM7BOeeeAiihl5a565S4orWBJPl61EEbN:9CFiKeaOQb6sAdOmATxqQS4NnSEEbN
Static task: static1
Behavioral task: behavioral1
  Sample: 88c4fd970ee45f12ab4b95370a2ceffa64dc27b0da5e181f5755532aad7010c5.vbs
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 88c4fd970ee45f12ab4b95370a2ceffa64dc27b0da5e181f5755532aad7010c5.vbs
  Resource: win10v2004-20230221-en
Malware Config
Extracted: agenttesla
  https://api.telegram.org/bot5361912293:AAGLRU8lOnvgedEVLW84nw6uJBR8KKRq6f4/
Targets
Target: 88c4fd970ee45f12ab4b95370a2ceffa64dc27b0da5e181f5755532aad7010c5.vbs
Size: 339KB
MD5: 50430be7e76cee93bfb67f638c45db24
SHA1: f367d92793ad4a7b6765a5ee2183a418c34c10a9
SHA256: 88c4fd970ee45f12ab4b95370a2ceffa64dc27b0da5e181f5755532aad7010c5
SHA512: ae70b5fe2e4c110c6e7c5a2e4c38dae2a313630d8c4dc2cf0685986ad30a5d61a391d26422de228c015846f51ca2146d8db57aedc81fa95ae74432ba6dac8a44
SSDEEP: 1536:j89r/aDcWJwG0mtvR/Eg5lq1laktrO8MmxqMsTMBhuiW:Kto/
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext