General
-
Target
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15.exe
-
Size
973KB
-
Sample
231203-mshqlabe37
-
MD5
5894c2a089c25a7a7dc24c26e27496af
-
SHA1
7c858439cee8de3eb09443bd65f706ce94451cfe
-
SHA256
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15
-
SHA512
1664a1ac2918b86ecfcf4454cc550915889d0a5081b795d8827958ac694561cdb0f5a6bcbc4ef07a62027be46ee400eeb66c5ffc42b15a39a4e13bd617e1f871
-
SSDEEP
12288:+3copox4TQJRw04grHB+MkWotBgbPoPgn80pdKQ1VUF+UoNoeApXL4fMxZr:7e/WRw0Rd+MhwB+Qk97rN9+eApEfS
Static task
static1
Behavioral task
behavioral1
Sample
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1179011823245217852/BApmSysJ7ds4rFscxhzRAHKJv1hyP1UFKhyfN1ojsei9HMF0L9z-hwZZiDIGOsncVkXv
Targets
-
-
Target
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15.exe
-
Size
973KB
-
MD5
5894c2a089c25a7a7dc24c26e27496af
-
SHA1
7c858439cee8de3eb09443bd65f706ce94451cfe
-
SHA256
e054f78b7058dbc3166df6483cf322288502ca0866daf6421504d57565a0aa15
-
SHA512
1664a1ac2918b86ecfcf4454cc550915889d0a5081b795d8827958ac694561cdb0f5a6bcbc4ef07a62027be46ee400eeb66c5ffc42b15a39a4e13bd617e1f871
-
SSDEEP
12288:+3copox4TQJRw04grHB+MkWotBgbPoPgn80pdKQ1VUF+UoNoeApXL4fMxZr:7e/WRw0Rd+MhwB+Qk97rN9+eApEfS
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-