General
Target: PO4510332101_1.7z
Size: 588KB
Sample: 230526-ntewrsfc39
MD5: e23e17b9c0d83864df04301d35adca6f
SHA1: 1799eff9702eaa6b91c20a005e3eed660d5df24c
SHA256: 2123a9408b4d88d54d24865ba52e9b362815cb6111257002ec7ebe7a168d9ccc
SHA512: a45be830cfe6140e78020312fad20a21b46bf33a09d4de68c2cf980b0afe0882d94591fa55ed29b188085f5c832cf43a79e51e6fa687c37eac6a4b0167396c21
SSDEEP: 12288:QdTV4W+aSqep/ZVe62vwcIxITKmaAkwI6uWgqJP3An:UO9Jq2ZVb2vaAKm4tEK

Static task: static1
Behavioral task: behavioral1
Sample: PO4510332101.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: PO4510332101.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6277498666:AAH4URlmeSysUKKZG20OTvrve55BRMLEu_o/

Targets
Target: PO4510332101.exe
Size: 688KB
MD5: 3ec705b898242d435e4efe407ad9a7af
SHA1: 5f4f45f9fd8b21134123e29e931664e4130f939b
SHA256: 92a4f2858bb9f3e546b315c52ee4e07903125b02f55c23cc8ae3e32e2012b2e0
SHA512: 89b2704668d667effe759e1a38f26d4e83fd5ad4a28e771e8813a750a9bc6deff10dfcb60e8e61b761a72c9586e4e8de868fdd1ae79ccd28c37b7cec3f23d8c3
SSDEEP: 12288:r7z5GoJiGaq5auNeY/ZVW62YwcIjITK93akLI1u/glJP:D5GoR5a2JZVj2YKAK9oUK
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext