General
- Target: tmpx3vyntn0
- Size: 266KB
- Sample: 231204-vfv46adb83
- MD5: 992892eea003d621f694547d2284e39f
- SHA1: 7bf5627a0c7ec6d62578c9a95862c2ec4c3cabb6
- SHA256: 63f6d9e02b303e2062153d062ebc15c5ea7e05e36e5b92e48f60730c782fc9bb
- SHA512: 3e8237eb59fea1cd601cf5ca9d5b2fe7cb2cd7474e534f1315a0354f2d64300cb6b03944e80fe73fff60168dbe64cb82eec2ad0067b7a1346c4a0032dec5f8fa
- SSDEEP: 6144:mnSDik95vQ2vov1+QNRFH0Wm0jydwJxSHiiyV+9gffIxmk5:Dik95vNvov1+QLJ0Wm0LSJyqg3Ixm
Static task
- static1
Behavioral task
- behavioral1
  - Sample: tmpx3vyntn0.exe
  - Resource: win7-20231020-en
Behavioral task
- behavioral2
  - Sample: tmpx3vyntn0.exe
  - Resource: win10v2004-20231130-en
Malware Config
- Extracted: agenttesla
  - https://api.telegram.org/bot6609066655:AAFvSlYuljpA1ReJkQXiHiJh0XH1Axk0H-A/
Targets
- Target: tmpx3vyntn0
- Signatures:
  - AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - Adds Run key to start application
  - Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext