General
-
Target
a61b9e25574ed2eb4216c5414b9890306cd711e41501f5bee5f03e2308c49e1a
-
Size
838KB
-
Sample
231205-vwpx3sdb2s
-
MD5
69755cfe380f66512706901f0185606e
-
SHA1
474a3fdccc323c84757fd8949f708717dff72915
-
SHA256
a61b9e25574ed2eb4216c5414b9890306cd711e41501f5bee5f03e2308c49e1a
-
SHA512
cb923521848b601b51ba061fd3d7b5f063451be2f0aae4c654c8514df272bda37067505d4410a54aa1a66a6ef7d9c3418751ea1da9d99d230b00d7165fb3da73
-
SSDEEP
24576:v34/up+pJUHxsGFUTpR1AccIEiXDk1Zswnr:v38PJUHxsGApbAccRzN
Static task
static1
Behavioral task
behavioral1
Sample
a61b9e25574ed2eb4216c5414b9890306cd711e41501f5bee5f03e2308c49e1a.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
a61b9e25574ed2eb4216c5414b9890306cd711e41501f5bee5f03e2308c49e1a.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6488735902:AAFjq98r8SzTcc0BHWZQiLUk749fQ78ULos/
Targets
-
-
Target
a61b9e25574ed2eb4216c5414b9890306cd711e41501f5bee5f03e2308c49e1a
-
Size
838KB
-
MD5
69755cfe380f66512706901f0185606e
-
SHA1
474a3fdccc323c84757fd8949f708717dff72915
-
SHA256
a61b9e25574ed2eb4216c5414b9890306cd711e41501f5bee5f03e2308c49e1a
-
SHA512
cb923521848b601b51ba061fd3d7b5f063451be2f0aae4c654c8514df272bda37067505d4410a54aa1a66a6ef7d9c3418751ea1da9d99d230b00d7165fb3da73
-
SSDEEP
24576:v34/up+pJUHxsGFUTpR1AccIEiXDk1Zswnr:v38PJUHxsGApbAccRzN
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-