General
Target: f2e4931f21dc86182dac61a7e28a49ea06cf40e4bf32b1d5f89aafcf36aa4014
Size: 681KB
Sample: 231202-cy4j5she49
MD5: 152fbaaaf5bfcb65d7956c87b2aa7465
SHA1: 9ea47b883934476d7a85c0752d79305e07bc170c
SHA256: f2e4931f21dc86182dac61a7e28a49ea06cf40e4bf32b1d5f89aafcf36aa4014
SHA512: 73522a3edc595071b4400e1ac54ed36e5aca3075ef69d0d1037f78cbcb3d5d9eb4985e21601684f450ea3a2254d423b958117bc716001d1e60eaadecb835cc22
SSDEEP: 12288:MCTvJRIovpbse3Fs1lQOt+sAWPD21NAoGu5KLNM8nBat:9vJBbs83TsWAduMpM8nB
Static task: static1
Behavioral task: behavioral1
  Sample: f2e4931f21dc86182dac61a7e28a49ea06cf40e4bf32b1d5f89aafcf36aa4014.exe
  Resource: win7-20231130-en
Behavioral task: behavioral2
  Sample: f2e4931f21dc86182dac61a7e28a49ea06cf40e4bf32b1d5f89aafcf36aa4014.exe
  Resource: win10v2004-20231201-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6833930321:AAHwDIEAPHebsHtw__k-gJGBZ92DAJlw8_s/
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext