General
-
Target
e99e93f8216404e47006857d10ac15ed817d9335700c421670526f0d40ed265a
-
Size
811KB
-
Sample
231205-vsfv1ach91
-
MD5
dc9d9448caee4e71e1a5c4df0d685924
-
SHA1
d3161da375478a4f3f72249d920d19b7017dc395
-
SHA256
e99e93f8216404e47006857d10ac15ed817d9335700c421670526f0d40ed265a
-
SHA512
308ad252b1c7738c9dad45491770291d755214465dccf399b99d70770c999ab36bfdc90010ed94f3a64f8c333ddedbcd5d19e9c04efa488e7ef18d7412434d78
-
SSDEEP
24576:S34/up+pJyPwC3OsLRCpN1dVrtHFMqP+:S38PJawsJRalVjLP+
Static task
static1
Behavioral task
behavioral1
Sample
e99e93f8216404e47006857d10ac15ed817d9335700c421670526f0d40ed265a.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
e99e93f8216404e47006857d10ac15ed817d9335700c421670526f0d40ed265a.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6813483585:AAGuo7_iQaYrqOce8KYO5QCqhLeR8nk_gNQ/
Targets
-
-
Target
e99e93f8216404e47006857d10ac15ed817d9335700c421670526f0d40ed265a
-
Size
811KB
-
MD5
dc9d9448caee4e71e1a5c4df0d685924
-
SHA1
d3161da375478a4f3f72249d920d19b7017dc395
-
SHA256
e99e93f8216404e47006857d10ac15ed817d9335700c421670526f0d40ed265a
-
SHA512
308ad252b1c7738c9dad45491770291d755214465dccf399b99d70770c999ab36bfdc90010ed94f3a64f8c333ddedbcd5d19e9c04efa488e7ef18d7412434d78
-
SSDEEP
24576:S34/up+pJyPwC3OsLRCpN1dVrtHFMqP+:S38PJawsJRalVjLP+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-