General
Target: 18e7407574a68f77e1fae3d3c818d864b7a61b044e16805f684968335197cc7d
Size: 823KB
Sample: 231205-eftnbshd93
MD5: 77e7f5ee129d7a0eb6a063c6700083f6
SHA1: 3809d6d83545814b6ca32ee97de22a5d9ce43114
SHA256: 18e7407574a68f77e1fae3d3c818d864b7a61b044e16805f684968335197cc7d
SHA512: 5933fba201b39e8e3768b2eae316e9ab2bce27446d96b521f044a7960f7402ee2fd44c5d1f5be5ff0e8390978e836c030b3b341039e2023aace9d7f39693611e
SSDEEP: 12288:PWcXtW8G34/uK45+po2PUabkUh88z0IvoFMY1EUcCzetvc4en1ccxfD0whVS3UeJ:634/up+pJKY3o7NHiFcrn9xfnV+bJ
Static task: static1
Behavioral task: behavioral1
Sample: 18e7407574a68f77e1fae3d3c818d864b7a61b044e16805f684968335197cc7d.exe
Resource: win10-20231020-en
Malware Config
Extracted: agenttesla
Exfiltration endpoint (Telegram Bot API base URL; the token after "bot" is the operator's bot credential): https://api.telegram.org/bot6695508500:AAHkexS5oB1E5lJkAEKZx2DzV7hRPW1U52k/
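The extracted value is the Telegram Bot API base URL; at runtime the stealer appends a Bot API method such as sendDocument and posts the harvested data to it. The script below is an added example, not part of the Triage report and not the sample's own code. It turns the config into two hunts: it splits the token into the numeric bot id, which stays constant across samples run by the same operator even if the secret is rotated, and it scans HTTP log lines for Bot API posts, rating them higher when the same host queried an external-IP lookup service shortly before (the "Looks up external IP address via web service" behaviour listed under Targets). The log line format, the list of IP-lookup hosts and the second token are assumptions made for the example.

```python
import re
from collections import defaultdict

# Extracted config from the report: base URL of the Telegram Bot API endpoint.
REPORT_C2 = "https://api.telegram.org/bot6695508500:AAHkexS5oB1E5lJkAEKZx2DzV7hRPW1U52k/"

# Bot API URLs look like https://api.telegram.org/bot<bot id>:<secret>/<method>.
# The numeric bot id identifies the bot (and so the operator) even if the secret is rotated.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)?"
)

# External-IP lookup services commonly used by stealers (assumed list for the example).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipify.org", "checkip.dyndns.org", "checkip.amazonaws.com",
    "ip-api.com", "icanhazip.com", "ipinfo.io", "ifconfig.me",
}

HOST_RE = re.compile(r"https?://([^/:\s]+)")


def parse_telegram_config(url):
    """Split an extracted Telegram C2 URL into bot id and secret (None if it is not one)."""
    m = TELEGRAM_BOT_RE.match(url)
    if not m:
        return None
    return {"bot_id": m.group("bot_id"), "secret": m.group("secret")}


def triage_http_log(lines, window=60):
    """Scan '<epoch> <src_ip> <method> <url>' lines (constructed format) for Bot API posts.

    A post to api.telegram.org/bot<token>/ is reported per source host; it is
    rated 'high' when the same host hit an IP-lookup service within `window`
    seconds beforehand, which is the stealer's usual order of operations.
    """
    per_host = defaultdict(lambda: {"ip_lookup": [], "telegram": []})
    for line in lines:
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # malformed line; skip rather than abort the hunt
        ts, src, _method, url = parts
        ts = int(ts)
        host_m = HOST_RE.match(url)
        if not host_m:
            continue
        host = host_m.group(1).lower()
        if host in IP_LOOKUP_HOSTS:
            per_host[src]["ip_lookup"].append(ts)
        tg = TELEGRAM_BOT_RE.match(url)
        if tg:
            per_host[src]["telegram"].append((ts, tg.group("bot_id"), tg.group("method")))

    findings = []
    for src, ev in per_host.items():
        for ts, bot_id, method in ev["telegram"]:
            preceded_by_lookup = any(0 <= ts - t <= window for t in ev["ip_lookup"])
            findings.append({
                "src": src,
                "bot_id": bot_id,
                "method": method,
                "severity": "high" if preceded_by_lookup else "medium",
            })
    return findings


# Constructed log lines for the example (not from the report). The first token is the
# report's; the second is made up with the same shape.
SAMPLE_LOG = [
    "1701777600 10.0.0.5 GET https://api.ipify.org/",
    "1701777612 10.0.0.5 POST https://api.telegram.org/bot6695508500:AAHkexS5oB1E5lJkAEKZx2DzV7hRPW1U52k/sendDocument",
    "1701777900 10.0.0.7 GET https://www.example.com/index.html",
    "1701778000 10.0.0.9 POST https://api.telegram.org/bot123456789:AAExampleExampleExampleExampleExamp/sendMessage",
]

if __name__ == "__main__":
    print(parse_telegram_config(REPORT_C2))
    for finding in triage_http_log(SAMPLE_LOG):
        print(finding)
```

The token-level match only works on traffic where the full URL is visible (sandbox HTTP traces, TLS-inspecting proxies): through a plain forward proxy the malware's request appears as CONNECT api.telegram.org:443 and the token never leaves the TLS tunnel. At that level the pivot is the host itself: ordinary workstations have little reason to talk to api.telegram.org, and a Bot API connection shortly after an IP-lookup request is still a strong signal.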
Targets
Target: 18e7407574a68f77e1fae3d3c818d864b7a61b044e16805f684968335197cc7d (823KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
AgentTesla
Agent Tesla is a .NET (originally Visual Basic) remote access tool (RAT) and information stealer; it harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or, as in this sample, the Telegram Bot API.
Adds Run key to start application
Writes an entry under a Windows Run key (typically HKCU\Software\Microsoft\Windows\CurrentVersion\Run) so the payload is relaunched at every logon.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer includes in the data it sends home; the request is an early network indicator.
Suspicious use of SetThreadContext
SetThreadContext on a thread of a process the sample created in a suspended state is the classic process-hollowing (RunPE) primitive: the thread's entry point is redirected to an injected payload before the thread is resumed.
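SetThreadContext is a legitimate API (debuggers and some loaders use it), so a sandbox flags it by context rather than by name. The following is an added example, not the report's own signature logic and not the sample's code: a small state machine over an API trace that fires only when one caller spawns a process with CREATE_SUSPENDED, writes into it, sets a thread context on it and resumes it, in that order. The trace format, the image paths and the pids are constructed for the example; two benign sequences are included to show what does not fire.

```python
# Win32 / NT API names at each stage of the hollowing sequence. The names are the
# documented ones; a real sandbox trace may log only the Nt* or only the Win32 layer.
CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}
RESUME_APIS = {"ResumeThread", "NtResumeThread"}
UNMAP_APIS = {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit


def parse_trace(lines):
    """Parse constructed '<seq> <caller_pid> <api> key=value ...' lines."""
    events = []
    for line in lines:
        seq, pid, api, *kvs = line.split()
        args = dict(kv.split("=", 1) for kv in kvs)
        events.append((int(seq), int(pid), api, args))
    return events


def detect_hollowing(events):
    """Report targets that go create-suspended -> write -> set context -> resume.

    Only the process that spawned the target is allowed to advance its state,
    so a debugger attaching to someone else's suspended child does not count.
    """
    tracked = {}  # target pid -> progress record
    findings = []
    for seq, pid, api, args in events:
        target = int(args.get("target", "0"))
        if api in CREATE_APIS:
            flags = int(args.get("flags", "0"), 0)  # accepts "0x4" or "4"
            if flags & CREATE_SUSPENDED and target:
                tracked[target] = {
                    "parent": pid, "target": target, "image": args.get("image"),
                    "stage": "created", "unmapped": False, "first_seq": seq,
                }
            continue
        rec = tracked.get(target)
        if rec is None or rec["parent"] != pid:
            continue  # not a suspended child of this caller
        if api in UNMAP_APIS:
            rec["unmapped"] = True  # recorded, but not required (see note below)
        elif api in WRITE_APIS and rec["stage"] == "created":
            rec["stage"] = "written"
        elif api in CONTEXT_APIS and rec["stage"] == "written":
            rec["stage"] = "context_set"
        elif api in RESUME_APIS:
            if rec["stage"] == "context_set":
                findings.append({**rec, "last_seq": seq,
                                 "technique": "process hollowing (SetThreadContext entry hijack)"})
            del tracked[target]  # resumed: either hollowed or a benign startup
    return findings


# Constructed trace for the example (not the report's trace). Pids and paths are made up.
SAMPLE_TRACE = [
    # Malicious: caller 4412 hollows its own suspended child 5120.
    "1 4412 CreateProcessW image=C:\\example\\host.exe flags=0x4 target=5120",
    "2 4412 NtUnmapViewOfSection target=5120 base=0x400000",
    "3 4412 VirtualAllocEx target=5120 base=0x400000 size=0x30000",
    "4 4412 WriteProcessMemory target=5120 base=0x400000 size=0x200",
    "5 4412 WriteProcessMemory target=5120 base=0x401000 size=0x2e000",
    "6 4412 SetThreadContext target=5120 eip=0x40a2c0",
    "7 4412 ResumeThread target=5120",
    # Benign: a parent starts a child suspended to attach it to a job object, then resumes it.
    "8 7000 CreateProcessW image=C:\\example\\worker.exe flags=0x4 target=7001",
    "9 7000 AssignProcessToJobObject target=7001",
    "10 7000 ResumeThread target=7001",
    # Benign: debugger-style context edit on an existing thread, no suspended spawn.
    "11 8000 GetThreadContext target=8100",
    "12 8000 SetThreadContext target=8100 eip=0x77a01234",
]

if __name__ == "__main__":
    for finding in detect_hollowing(parse_trace(SAMPLE_TRACE)):
        print(finding)
```

The unmap of the original image is recorded but not required: many loaders overwrite the mapped image in place or allocate a fresh region, so keying the rule on NtUnmapViewOfSection would miss them. If your trace logs handles rather than pids, resolve them to the target pid before feeding events in, since the parent-equals-caller check depends on it.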