General
-
Target
027a9ebfadb9ba3940e5498640bc199fb9f3bd8a34dd85af15b24deee95344c6
-
Size
634KB
-
Sample
231205-dfx53shc58
-
MD5
493093124350e8c3012a1a36f4eaa7a3
-
SHA1
6fd685db77750fed9f9067139cd5cac5ae5ec967
-
SHA256
027a9ebfadb9ba3940e5498640bc199fb9f3bd8a34dd85af15b24deee95344c6
-
SHA512
30477a1e0c25e3a95c6bd4f5bc601c99220a00532bcc1514aa0dabb5f11ca5d02f5e94092812da52429676d07259dfd93e18a4e7cacab4114dadf39f8d4e881d
-
SSDEEP
12288:pM45+po27erR+TVWUOOw3TDUnnS3zuY+2iS4rOApPmcGUmKqA0n3FUiP8kMXj:pP+pJE+pW5OwinS3zu52or/mz3JUP
Static task
static1
Behavioral task
behavioral1
Sample
027a9ebfadb9ba3940e5498640bc199fb9f3bd8a34dd85af15b24deee95344c6.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
027a9ebfadb9ba3940e5498640bc199fb9f3bd8a34dd85af15b24deee95344c6.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6842284005:AAEBxh6cL0NGDg-gb0BoH5Z7v4-Fv4B_wmo/
Targets
-
-
Target
027a9ebfadb9ba3940e5498640bc199fb9f3bd8a34dd85af15b24deee95344c6
-
Size
634KB
-
MD5
493093124350e8c3012a1a36f4eaa7a3
-
SHA1
6fd685db77750fed9f9067139cd5cac5ae5ec967
-
SHA256
027a9ebfadb9ba3940e5498640bc199fb9f3bd8a34dd85af15b24deee95344c6
-
SHA512
30477a1e0c25e3a95c6bd4f5bc601c99220a00532bcc1514aa0dabb5f11ca5d02f5e94092812da52429676d07259dfd93e18a4e7cacab4114dadf39f8d4e881d
-
SSDEEP
12288:pM45+po27erR+TVWUOOw3TDUnnS3zuY+2iS4rOApPmcGUmKqA0n3FUiP8kMXj:pP+pJE+pW5OwinS3zu52or/mz3JUP
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-