General
-
Target
23343100IM00270839Dekont1.exe
-
Size
1.1MB
-
Sample
231205-vbz8bada85
-
MD5
9d30f25b8c61a1736d7296f65b5ddba0
-
SHA1
6c5cf22f6f581e278109b7aa79af945835dcb490
-
SHA256
f0a807ee5a09035670ebd38dd8dcb584f9af0f51f3ae072791f61db7766d6689
-
SHA512
c87dc3b875758ce744ee2f6a57c8e859898bcca86bc47e5a357df1609ecf31cb709b52246ef019d69ee3a1b0ae12a98d9d132423fb0826b14408d73a766507a6
-
SSDEEP
24576:11bPKtD/61IyUiFBKL4eryD2Tfckv4B/:W6KyzBKLzbfczJ
Static task
static1
Behavioral task
behavioral1
Sample
23343100IM00270839Dekont1.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
23343100IM00270839Dekont1.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1180973542540595330/m_7J6uu_CMPrtrs2YMplijNrEiqTgPX6W-unyecPj4ZytCZyLySJdPC12_vkfdwQicTt
Targets
-
-
Target
23343100IM00270839Dekont1.exe
-
Size
1.1MB
-
MD5
9d30f25b8c61a1736d7296f65b5ddba0
-
SHA1
6c5cf22f6f581e278109b7aa79af945835dcb490
-
SHA256
f0a807ee5a09035670ebd38dd8dcb584f9af0f51f3ae072791f61db7766d6689
-
SHA512
c87dc3b875758ce744ee2f6a57c8e859898bcca86bc47e5a357df1609ecf31cb709b52246ef019d69ee3a1b0ae12a98d9d132423fb0826b14408d73a766507a6
-
SSDEEP
24576:11bPKtD/61IyUiFBKL4eryD2Tfckv4B/:W6KyzBKLzbfczJ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-