General
Target: 04251452615625625.exe
Size: 888KB
Sample: 231202-t5y2nsea3s
MD5: a390d1c199622b6608a8b40f77689bd7
SHA1: 98d0cb5c4c4f00a1bebe826e60c65eef639a8dc7
SHA256: 77d3daaae1248e670428b17c46a8bdb30b90c175cc70192fb1f7dbee025b9a91
SHA512: 90d309887bb857ac44e180e526b604977a5943275923934389752ae7044102a16151dedada29a35ad5bf6e63957b40c6043fe241966823d5b067c57b4db53638
SSDEEP: 12288:W8obXVUqFOmJ5ZmQj6K2KrMH+JuZA1xBItlafFeIAGdw:hYVVDT7j6l41kcBIE
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 04251452615625625.exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: 04251452615625625.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted family: agenttesla
Extracted URL: https://discord.com/api/webhooks/1176621449583263805/5JKryEUiTfkpFgwR0jfx1lxhlHrdD27Aj8EDwTK5fF7OvWWBv_Qi0oMYi0fTpMW-lLTE
Targets
Target: 04251452615625625.exe (888KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext