General
Target: 7e5aeae4b1308c9ae003470343717c1dba150f56448d2730d30509eb81ade747
Size: 966KB
Sample: 230403-nnmz7afh41
MD5: 772f41b5b21ec9fb68b8b3805839fb54
SHA1: 254f0a4a206195e51ede84b125aa2eb896adcfa2
SHA256: 7e5aeae4b1308c9ae003470343717c1dba150f56448d2730d30509eb81ade747
SHA512: 43d6eba4403b5b26ea6ff9161c9365b2f6ee280b07f5703e7a35885d2312d412883141059601e01ab62bc35a472760eead667700327932b172b6240bd1595719
SSDEEP: 24576:xdMU5fPXiSz0mJTdKBetEHCqu2bBkAbqafC5ZaWyo+gZRf0:xdMUVpFj8U+2BaK5oWybgZRf0
Static task: static1
Behavioral task: behavioral1
  Sample: 7e5aeae4b1308c9ae003470343717c1dba150f56448d2730d30509eb81ade747.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 7e5aeae4b1308c9ae003470343717c1dba150f56448d2730d30509eb81ade747.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
C2: https://api.telegram.org/bot6096662297:AAG_p__MDOrl-GW8m1_d4KE8lp9LaFVvEfM/
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext