General
-
Target
0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d
-
Size
733KB
-
Sample
231206-be85vahf67
-
MD5
94814f9b52f79d0ce846383438eabc8a
-
SHA1
138f147b860b3a580ab69d4a94d00ca4a0a65d1a
-
SHA256
0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d
-
SHA512
b6f33bfd22aac0f44c187cdaea5eda73fe0d726d26f4ad5e08c03a2d5601cddb21a93248c71b97f55be1c2ef4b490d2d32364a9a26aba63834829d4611af7103
-
SSDEEP
12288:wV5nF8ME6jD/A9qL/C4Wg3yu5ZF1EVEMtWik5v28B7DaYIgc2k5Y:wVPtD/AcLBWpu5ZXEVJtu5+8B7Dhg/5Y
Static task
static1
Behavioral task
behavioral1
Sample
0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6695508500:AAHkexS5oB1E5lJkAEKZx2DzV7hRPW1U52k/
Targets
-
-
Target
0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d
-
Size
733KB
-
MD5
94814f9b52f79d0ce846383438eabc8a
-
SHA1
138f147b860b3a580ab69d4a94d00ca4a0a65d1a
-
SHA256
0e9397b32d365eedb3a1d0a6d062486159a5c99e7195f5ac1e9586b6e39e7c6d
-
SHA512
b6f33bfd22aac0f44c187cdaea5eda73fe0d726d26f4ad5e08c03a2d5601cddb21a93248c71b97f55be1c2ef4b490d2d32364a9a26aba63834829d4611af7103
-
SSDEEP
12288:wV5nF8ME6jD/A9qL/C4Wg3yu5ZF1EVEMtWik5v28B7DaYIgc2k5Y:wVPtD/AcLBWpu5ZXEVJtu5+8B7Dhg/5Y
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-