General
Target: 9398183dc7939dac6ab4ea086995045996430ce19b90a88b92ca296d224bebbd
Size: 796KB
Sample: 231204-bdk2magd2z
MD5: b8751ceed8391f475cd415953db0f132
SHA1: 39513452b4d50038db863c8aa209f6bd30136ba8
SHA256: 9398183dc7939dac6ab4ea086995045996430ce19b90a88b92ca296d224bebbd
SHA512: 1fd45abe4477e1b7052579c2458b5333932cf41db960f196ecc85c8c2c06b9605cfe0cac4bbf3acc3729b0ba77a40a122ddc7e5b799fc5652c23356440b524f3
SSDEEP: 24576:wT6Ic+5lOid4eU/pfnqmLN2d1LmWcrPd:G/nbUhvvN2HLmWA
Static task: static1
Behavioral task: behavioral1
  Sample: 9398183dc7939dac6ab4ea086995045996430ce19b90a88b92ca296d224bebbd.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: 9398183dc7939dac6ab4ea086995045996430ce19b90a88b92ca296d224bebbd.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6457934165:AAH3jNqw6uBv-_oMsG6zO_Jab90WBoaavm4/
Targets
Target: 9398183dc7939dac6ab4ea086995045996430ce19b90a88b92ca296d224bebbd
Size: 796KB
MD5: b8751ceed8391f475cd415953db0f132
SHA1: 39513452b4d50038db863c8aa209f6bd30136ba8
SHA256: 9398183dc7939dac6ab4ea086995045996430ce19b90a88b92ca296d224bebbd
SHA512: 1fd45abe4477e1b7052579c2458b5333932cf41db960f196ecc85c8c2c06b9605cfe0cac4bbf3acc3729b0ba77a40a122ddc7e5b799fc5652c23356440b524f3
SSDEEP: 24576:wT6Ic+5lOid4eU/pfnqmLN2d1LmWcrPd:G/nbUhvvN2HLmWA
Score: 10/10
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext