General
- Target: SOA 22011~2302.exe
- Size: 628KB
- Sample: 230403-hxm4naeg5x
- MD5: d3fea9f328fda4aacb4b5076701ce969
- SHA1: fe23b935f871609c836b1b5cc4c598da2785f970
- SHA256: 45981fd05046a30bdeb47e1976b3eb1c82d445647213095ca17168e1eb35be7b
- SHA512: 5dd2d7c724c81af1e1be8ed9b29b7df5e77b6c1de9beea07849a8bc0beb9870dfcb22032ee6267ce490d827f5b0120cf38e0621e8a34ace7cdf844ed97a68943
- SSDEEP: 12288:4D/OVtLVzLwrm1SR9nSzvGvr8+MF561/To+E4eK9QCZ:iwSYvGvr8+M/61/k4l9
Static task: static1
Behavioral task: behavioral1
- Sample: SOA 22011~2302.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: SOA 22011~2302.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5663632223:AAG5KHZDs7KWoaqTYx3lSyFlOdfD9vGegQo/
Targets
- Target: SOA 22011~2302.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext