General
-
Target
africpiou.exe
-
Size
331KB
-
Sample
231205-wk9c1sea96
-
MD5
cb407edd867bb298d86ad82c2b4e7032
-
SHA1
2efcca5f28ccb1926ac128e5197839f13af01983
-
SHA256
f4cf2a5eba5104f17dcadf06a03a269157bfe9bb726c4bf0291519f47c2736f2
-
SHA512
1dd3ec12a42d1d898dce05cee613e80aca2b3190561f6ccf38569e9feee5a9d48ae0fd6439d4a2c4754c2c48146c37d6fbcf46543d189939e89ddfaa0adcf106
-
SSDEEP
6144:fGS74D4ji0736hkiSMCbGc1mqF32UiYRcENIysJGlq2a+gC0Noe+ek:eS0j0736ufEcsmL1cE25JGlq2aDrW
Static task
static1
Behavioral task
behavioral1
Sample
africpiou.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
africpiou.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6669461375:AAGwrSGDuGS4lzGe3ziI4ubZc9TzQ8r1m8o/
Targets
-
-
Target
africpiou.exe
-
Size
331KB
-
MD5
cb407edd867bb298d86ad82c2b4e7032
-
SHA1
2efcca5f28ccb1926ac128e5197839f13af01983
-
SHA256
f4cf2a5eba5104f17dcadf06a03a269157bfe9bb726c4bf0291519f47c2736f2
-
SHA512
1dd3ec12a42d1d898dce05cee613e80aca2b3190561f6ccf38569e9feee5a9d48ae0fd6439d4a2c4754c2c48146c37d6fbcf46543d189939e89ddfaa0adcf106
-
SSDEEP
6144:fGS74D4ji0736hkiSMCbGc1mqF32UiYRcENIysJGlq2a+gC0Noe+ek:eS0j0736ufEcsmL1cE25JGlq2aDrW
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-