General
-
Target
34896132d28924e94ae0175efce2d857fd14b4f4b7def772902f6e76e9d0ddf9.exe
-
Size
961KB
-
Sample
231203-mlxaeabe7t
-
MD5
8949aa9ed5e9dd287dc9bf1d3ef611ca
-
SHA1
c0c48a7e226404d9225cc2952edf5928d9f9fd0b
-
SHA256
34896132d28924e94ae0175efce2d857fd14b4f4b7def772902f6e76e9d0ddf9
-
SHA512
64b8cd88d157444bc4600505eb26a5a0048d245c1dac2d21b8c330752c51788c2e590931f1530df3e96f85ee9487a44f49d7e7b2a8b834192cf5e8b1b64ebdfd
-
SSDEEP
12288:mCfEJEI/b6pzgKBjgJjcxjxpQYcWapip+ddnOX9cwR0:rEJlbGCJjop5cGLZ
Static task
static1
Behavioral task
behavioral1
Sample
34896132d28924e94ae0175efce2d857fd14b4f4b7def772902f6e76e9d0ddf9.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
34896132d28924e94ae0175efce2d857fd14b4f4b7def772902f6e76e9d0ddf9.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1179958435408785428/jLjV5a_ciZdpd6t2s27CGCikXETJ6crcchofeUrAVpoZUDRhP4jkMHHhD4ltJmgZhIap
Targets
-
-
Target
34896132d28924e94ae0175efce2d857fd14b4f4b7def772902f6e76e9d0ddf9.exe
-
Size
961KB
-
MD5
8949aa9ed5e9dd287dc9bf1d3ef611ca
-
SHA1
c0c48a7e226404d9225cc2952edf5928d9f9fd0b
-
SHA256
34896132d28924e94ae0175efce2d857fd14b4f4b7def772902f6e76e9d0ddf9
-
SHA512
64b8cd88d157444bc4600505eb26a5a0048d245c1dac2d21b8c330752c51788c2e590931f1530df3e96f85ee9487a44f49d7e7b2a8b834192cf5e8b1b64ebdfd
-
SSDEEP
12288:mCfEJEI/b6pzgKBjgJjcxjxpQYcWapip+ddnOX9cwR0:rEJlbGCJjop5cGLZ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-