General
-
Target
c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac
-
Size
933KB
-
Sample
231205-vcbaksda99
-
MD5
e4f8b6eee6be5f9102ee21d572dc0834
-
SHA1
3b00998371ee7c84e20bcbfd543ec45a8588d55f
-
SHA256
c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac
-
SHA512
3cec5ce85e4632ceaa2d3ab472ca143f4beb4f42c46ab1709b0ebc5ba043bce2946fda41300faa1f3445d9665d28e1f4f7fdabed3a85ca0c5bd83da0a8d21e1c
-
SSDEEP
12288:XdIcNJum2wDuyWZRO/GsxTz5llc3YyhFtbYcZ1peAXV8ApP7r9r/+ppppppppppR:XPNJum2wCyWZ0O+TH23DhscZ1pjp1q
Static task
static1
Behavioral task
behavioral1
Sample
c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6471053992:AAFUlrUxhi5Jrpjikoc-P4r9ZbsXV_T9vj8/
Targets
-
-
Target
c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac
-
Size
933KB
-
MD5
e4f8b6eee6be5f9102ee21d572dc0834
-
SHA1
3b00998371ee7c84e20bcbfd543ec45a8588d55f
-
SHA256
c7b54fdfe758bc9efc5a2f6d97926f20d01f1c85aeb2be3156d56b3a7ea83bac
-
SHA512
3cec5ce85e4632ceaa2d3ab472ca143f4beb4f42c46ab1709b0ebc5ba043bce2946fda41300faa1f3445d9665d28e1f4f7fdabed3a85ca0c5bd83da0a8d21e1c
-
SSDEEP
12288:XdIcNJum2wDuyWZRO/GsxTz5llc3YyhFtbYcZ1peAXV8ApP7r9r/+ppppppppppR:XPNJum2wCyWZ0O+TH23DhscZ1pjp1q
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-