General
-
Target
3b87c1ff0576d0f7c3595554245adba16dc0b6aa4f4d7b658dd1b803c7b76a39
-
Size
835KB
-
Sample
231205-vqfgfsch6y
-
MD5
47768ce0f6e578743e3ffcd1cdc45a85
-
SHA1
359276e0825600dd637166ae75315cfaf60585a0
-
SHA256
3b87c1ff0576d0f7c3595554245adba16dc0b6aa4f4d7b658dd1b803c7b76a39
-
SHA512
cdf1f850f15e0addb7873be7bd5ed3cf8e32d1164e5aa7a584fac227b223a0dfd4b8798e92da29ceadfd838ae37e6599b975c7cbc76034053f3d88db88bca6b9
-
SSDEEP
24576:SNk+pJbDMZN3C3R2pEu4Vh4CdB8JYU6K5:S5JMZJWs+u4NLO6K
Static task
static1
Behavioral task
behavioral1
Sample
3b87c1ff0576d0f7c3595554245adba16dc0b6aa4f4d7b658dd1b803c7b76a39.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
3b87c1ff0576d0f7c3595554245adba16dc0b6aa4f4d7b658dd1b803c7b76a39.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1179499222463168573/PVUpZ1J1JtDuKSWVcXWilMvIlKb2Qchu7QhEEb_1sKVtTXLAEfM5aRMADIF1EWL0ZjkF
Targets
-
-
Target
3b87c1ff0576d0f7c3595554245adba16dc0b6aa4f4d7b658dd1b803c7b76a39
-
Size
835KB
-
MD5
47768ce0f6e578743e3ffcd1cdc45a85
-
SHA1
359276e0825600dd637166ae75315cfaf60585a0
-
SHA256
3b87c1ff0576d0f7c3595554245adba16dc0b6aa4f4d7b658dd1b803c7b76a39
-
SHA512
cdf1f850f15e0addb7873be7bd5ed3cf8e32d1164e5aa7a584fac227b223a0dfd4b8798e92da29ceadfd838ae37e6599b975c7cbc76034053f3d88db88bca6b9
-
SSDEEP
24576:SNk+pJbDMZN3C3R2pEu4Vh4CdB8JYU6K5:S5JMZJWs+u4NLO6K
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-