General
- Target: 2db73d977a57e046361ee6faa57a14005f8393c62d1ddefa7d424dfff9773cf1
- Size: 390KB
- Sample: 231206-cpb4jaab84
- MD5: 13b206b3e79a9d04ff497d128c01df53
- SHA1: 2e17982b433c9e32f25a5fec1707e573563c594f
- SHA256: 2db73d977a57e046361ee6faa57a14005f8393c62d1ddefa7d424dfff9773cf1
- SHA512: 5af0ed9d1dc21e373a269377fb98e693aab1cc88e5528148e91f885195ada6289a1c3cbad965fb52da6c4b7955ac5770017f8e5a156960de971d28ebe172fcb8
- SSDEEP: 6144:Nn1m9kdb/Gt8b++UXaVXKv6FW2LN6rKTbLfqmYJEgTy:NOeLlS5aVXKv6FhzbLfv2EgTy
Static task
- static1

Behavioral task
- behavioral1
- Sample: 2db73d977a57e046361ee6faa57a14005f8393c62d1ddefa7d424dfff9773cf1.xls
- Resource: win7-20231023-en

Behavioral task
- behavioral2
- Sample: 2db73d977a57e046361ee6faa57a14005f8393c62d1ddefa7d424dfff9773cf1.xls
- Resource: win10v2004-20231127-en
Malware Config
- Extracted: agenttesla
- C2 / exfiltration URL: https://api.telegram.org/bot6670271579:AAHln7Op0JjSMa92pjMiSLRC0uIRAw3DqMQ/
Targets
- Target: 2db73d977a57e046361ee6faa57a14005f8393c62d1ddefa7d424dfff9773cf1
- Size: 390KB
- MD5: 13b206b3e79a9d04ff497d128c01df53
- SHA1: 2e17982b433c9e32f25a5fec1707e573563c594f
- SHA256: 2db73d977a57e046361ee6faa57a14005f8393c62d1ddefa7d424dfff9773cf1
- SHA512: 5af0ed9d1dc21e373a269377fb98e693aab1cc88e5528148e91f885195ada6289a1c3cbad965fb52da6c4b7955ac5770017f8e5a156960de971d28ebe172fcb8
- SSDEEP: 6144:Nn1m9kdb/Gt8b++UXaVXKv6FW2LN6rKTbLfqmYJEgTy:NOeLlS5aVXKv6FhzbLfv2EgTy
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext