General
-
Target
5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654
-
Size
806KB
-
Sample
231206-c57v5sad74
-
MD5
bc8d05282f5391242f19219dc1e5bf4e
-
SHA1
afcfb05fd2e809bb5e120297619e2e7a36797398
-
SHA256
5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654
-
SHA512
652556e8ec1533b324f7c2260aff7ebf61b8468a911093e083adf261f894201f387200aaa3847964d1bdba2802039da2d1ad5440e4d4453b188af52034a0d2ee
-
SSDEEP
12288:+tKE6jD/62iNG5nF8ybpfSC4Z4nJgg6wJFNtduLfWiLQi+5RjNGDh2kN0oZJ:+tKtD/61IGZ4nJy8NtsfWivkadRJ
Static task
static1
Behavioral task
behavioral1
Sample
5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6471053992:AAFUlrUxhi5Jrpjikoc-P4r9ZbsXV_T9vj8/
Targets
-
-
Target
5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654
-
Size
806KB
-
MD5
bc8d05282f5391242f19219dc1e5bf4e
-
SHA1
afcfb05fd2e809bb5e120297619e2e7a36797398
-
SHA256
5caa8572425248f5dad8a265a2131eb5a6e72360cd9a489a21d9c8f6e37fc654
-
SHA512
652556e8ec1533b324f7c2260aff7ebf61b8468a911093e083adf261f894201f387200aaa3847964d1bdba2802039da2d1ad5440e4d4453b188af52034a0d2ee
-
SSDEEP
12288:+tKE6jD/62iNG5nF8ybpfSC4Z4nJgg6wJFNtduLfWiLQi+5RjNGDh2kN0oZJ:+tKtD/61IGZ4nJy8NtsfWivkadRJ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-