General
Target: CDYq7xS8Kb1vOyV.exe
Size: 906.0MB
Sample: 231204-nsymgsah32
MD5: 22b364032da589f5175e2852ae0b30ad
SHA1: 05ab982a52aa8d2379df883cc779ee4c48906edf
SHA256: ca1f775c9731d2387aaebabbdcdb92fd09731f1b3229af7c91098e7683d03375
SHA512: 95329257767f0b0bcf2badf50a5d08d7557972b2ee849afdb7c9352294e19c5198af9aa41b83d66c883f093d75a851a49912cb708ebac48bc03464b2a4bdcffd
SSDEEP: 12288:cP45+po2PGTLlFnn5sRybNUzPEQgE06+FKecUwK4B7b7b2ehDbNa:cO+pJPGnP5cgBIG/cUwtB7Lfx
Static task: static1
Behavioral task: behavioral1 (Sample: CDYq7xS8Kb1vOyV.exe, Resource: win7-20231023-en)
Behavioral task: behavioral2 (Sample: CDYq7xS8Kb1vOyV.exe, Resource: win10v2004-20231130-en)
Malware Config
Extracted family: agenttesla
C2: https://api.telegram.org/bot6807075796:AAGtVum7iWWKSBfZLrjjy4TEY1wRVxQr1do/
Targets
Target: CDYq7xS8Kb1vOyV.exe (hashes as listed under General above)
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext