General
Target: 06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b
Size: 622KB
Sample: 231202-c1mz6she58
MD5: ee58f332b2d27a1bdd8b0de098e6165c
SHA1: d0e9ec92594ef432758e63ab31f7751872c3573c
SHA256: 06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b
SHA512: b9c1c84fad01332771dcdb26c833705eac7e0ec5aed399414e4c4f93a241907279415d2e1dd3acfccd8a9f042918f598377e1138ed87995fa6a2d9b4b13b517f
SSDEEP: 12288:IqfLYYZXTyX0Tp+fkI5/Gh/tDpWNIIe8frsBP3MKJBPeaHwxX:bXTD+fkjDp+IIeOI539JBPLQ
Static task: static1
Behavioral task: behavioral1
Sample: 06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b.exe
Resource: win7-20231201-en
Behavioral task: behavioral2
Sample: 06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b.exe
Resource: win10v2004-20231130-en
Malware Config
Extracted
Family: agenttesla
C2 (Telegram Bot API, exfiltration channel): https://api.telegram.org/bot6462317492:AAGRLAwoTiA42PAg_wJuGwDb61KKicShMe4/
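The extracted C2 is a Telegram Bot API base URL whose path carries the operator's bot token (numeric bot id, a colon, then a 35-character secret). That token is the most useful indicator in this report: it is static across builds of the same campaign and shows up verbatim in proxy and TLS-inspection logs as the path of every exfiltration request. The following Python is an added example, not part of the sandbox report or of the Agent Tesla sample. It parses the extracted URL into its bot id and token and then runs the same parser over constructed proxy log lines (a hypothetical "timestamp src verb host path" format invented for this example) to flag Bot API traffic, marking lines whose bot id matches the sandbox-extracted IOC. The token is only parsed here, never sent to Telegram.

```python
import re
from urllib.parse import urlsplit

# Telegram Bot API requests look like:
#   https://api.telegram.org/bot<bot_id>:<secret>/<method>
# where <bot_id> is numeric and <secret> is 35 chars of [A-Za-z0-9_-].
TELEGRAM_BOT_RE = re.compile(
    r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})(?:/(?P<method>\w+))?"
)

# C2 URL as extracted in this report (a live bot token: treat it as an IOC only).
EXTRACTED_C2 = "https://api.telegram.org/bot6462317492:AAGRLAwoTiA42PAg_wJuGwDb61KKicShMe4/"


def parse_telegram_c2(url):
    """Return bot id, full token and API method for a Telegram Bot API URL.

    Returns None if the host is not api.telegram.org or the path does not
    carry a well-formed bot token.
    """
    parts = urlsplit(url)
    match = TELEGRAM_BOT_RE.search(parts.path)
    if parts.hostname != "api.telegram.org" or match is None:
        return None
    return {
        "host": parts.hostname,
        "bot_id": match.group("bot_id"),
        "token": f"{match.group('bot_id')}:{match.group('secret')}",
        "method": match.group("method"),  # None for a bare base URL
    }


# Constructed proxy log (hypothetical format: ts src_ip verb host path).
# Line 3 uses a made-up, non-existent bot token so the "unknown bot" path
# of the detector is exercised too.
SAMPLE_PROXY_LOG = """\
2023-12-02T10:01:02Z 10.0.0.15 GET api.telegram.org /bot6462317492:AAGRLAwoTiA42PAg_wJuGwDb61KKicShMe4/sendDocument
2023-12-02T10:01:03Z 10.0.0.15 GET www.example.com /index.html
2023-12-02T10:02:11Z 10.0.0.22 POST api.telegram.org /bot1234567890:AAFconstructedFakeSecretForTesting0/sendMessage
2023-12-02T10:03:00Z 10.0.0.31 GET api.telegram.org /bot6462317492:AAGRLAwoTiA42PAg_wJuGwDb61KKicShMe4/sendMessage
"""


def find_telegram_beacons(log_text, known_bot_ids=()):
    """Flag every Telegram Bot API request in the log.

    One dict per hit with the source host, bot id, API method and whether
    the bot id matches a known IOC. Any Bot API traffic from a workstation
    that has no business driving a Telegram bot deserves a look; a match on
    a sandbox-extracted bot id is a confirmed hit.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, src, _verb, host, path = fields
        parsed = parse_telegram_c2(f"https://{host}{path}")
        if parsed is None:
            continue
        hits.append({
            "ts": ts,
            "src": src,
            "bot_id": parsed["bot_id"],
            "method": parsed["method"],
            "known": parsed["bot_id"] in known_bot_ids,
        })
    return hits


if __name__ == "__main__":
    ioc = parse_telegram_c2(EXTRACTED_C2)
    print("C2 bot id from sandbox config:", ioc["bot_id"])
    for hit in find_telegram_beacons(SAMPLE_PROXY_LOG, known_bot_ids={ioc["bot_id"]}):
        print(hit)
```

Matching on the bot id rather than the whole token keeps the rule stable if the operator rotates the secret part but reuses the bot, and keeps the secret out of rule files. The numeric bot id alone is not sensitive; the full token is a credential for the attacker's bot and should be handled like one.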
Targets
Target: 06c8a5695959ee2655fb9a537cf855398a4c814000b20d3af61c93f16e21b69b
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access trojan (RAT) and information stealer; early builds were written in Visual Basic .NET. This build exfiltrates over the Telegram Bot API listed in the extracted config.
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.
Looks up external IP address via web service
Uses a legitimate IP lookup service to learn the infected system's external IP address (the report does not name the service).
Suspicious use of SetThreadContext
SetThreadContext is commonly used for process injection such as process hollowing, where the context of a suspended thread is rewritten so it starts executing injected code.