General
  Target: Dekont,pdf.exe
  Size: 220KB
  Sample: 230403-pp3ygagc3z
  MD5: 3f1c97d2f5200204e711e812b63b2b99
  SHA1: b7edbc37fd17d4b1d890ffa5565b548f4aebb40e
  SHA256: 45a156f54da1d261e560ed2ebfd861aca470562ccca7878f44421de8089c224e
  SHA512: 05893ea315eab2e08dfbc8d8cdf1edcfe9086ac48e02c9ebc02e3319eb7901e0097ecaf2156275773f47dce332a7d4274bbb596ae1763cde78bd1e55e7a25131
  SSDEEP: 6144:fYYUtx+U3w8fg7Mv2D7mtGB8BHVQ+zJcM/PA6gLnqI:fFUt4eq+2Xmto8BjF9AuI
Static task: static1

Behavioral task: behavioral1
  Sample: Dekont,pdf.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: Dekont,pdf.exe
  Resource: win10v2004-20230220-en
Malware Config
  Extracted: agenttesla
  https://api.telegram.org/bot6120421924:AAHfDg3lTzDUW4O1CSc9eyT6zf8UpaOZqyY/
Targets
  Target: Dekont,pdf.exe
  Size: 220KB
  MD5: 3f1c97d2f5200204e711e812b63b2b99
  SHA1: b7edbc37fd17d4b1d890ffa5565b548f4aebb40e
  SHA256: 45a156f54da1d261e560ed2ebfd861aca470562ccca7878f44421de8089c224e
  SHA512: 05893ea315eab2e08dfbc8d8cdf1edcfe9086ac48e02c9ebc02e3319eb7901e0097ecaf2156275773f47dce332a7d4274bbb596ae1763cde78bd1e55e7a25131
  SSDEEP: 6144:fYYUtx+U3w8fg7Mv2D7mtGB8BHVQ+zJcM/PA6gLnqI:fFUt4eq+2Xmto8BjF9AuI

  - AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - Accesses Microsoft Outlook profiles
  - Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext