General

- Target: tmp
- Size: 1.0MB
- Sample: 231201-tgmczadd25
- MD5: 5e32b356e47560e7920fe291ab2d0c6c
- SHA1: 950d0ac0deb7bba590731dcdf879cb5156214abb
- SHA256: 0ec323f55808814136b3c1059277ac2a2753955676218a13aacc73565fea684e
- SHA512: 59c1935d2cb6b3147e5155cc7d273b0dc4aee0f54be9a82891ccefd066fa8418c1fb5ad1fa3a1add131cc8e1c4a56b801b20aaf08b8ba5e45636e1a43fd3de12
- SSDEEP: 24576:X/91i2tfLlwQiAgf2rf58SdKMFyZ6uKrXjk71IgGhr1k1+PbZo12a6z:XXFSMgf2zVpHw2pagzZo1w
Static task

- static1

Behavioral task

- behavioral1
  - Sample: tmp.exe
  - Resource: win7-20231023-en

Behavioral task

- behavioral2
  - Sample: tmp.exe
  - Resource: win10v2004-20231127-en
Malware Config

Extracted

- Family: agenttesla
- C2: https://api.telegram.org/bot5866032214:AAFIOyXMBAXtSDPbd1lqRSgP4WSftaTimg4/
Targets

- Target: tmp
- Size: 1.0MB
- MD5: 5e32b356e47560e7920fe291ab2d0c6c
- SHA1: 950d0ac0deb7bba590731dcdf879cb5156214abb
- SHA256: 0ec323f55808814136b3c1059277ac2a2753955676218a13aacc73565fea684e
- SHA512: 59c1935d2cb6b3147e5155cc7d273b0dc4aee0f54be9a82891ccefd066fa8418c1fb5ad1fa3a1add131cc8e1c4a56b801b20aaf08b8ba5e45636e1a43fd3de12
- SSDEEP: 24576:X/91i2tfLlwQiAgf2rf58SdKMFyZ6uKrXjk71IgGhr1k1+PbZo12a6z:XXFSMgf2zVpHw2pagzZo1w
Score: 10/10

Signatures

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext