General
-
Target
dfb68130df0836d5b3de13e8a51a9af8946e026923f7d7babfca446d4fdb5b5f
-
Size
987KB
-
Sample
231206-cvy59aac76
-
MD5
3efafe24f34c1b1b7f0c39943a6327d1
-
SHA1
3c8cfac5575c18d9ffe4a181a629d4c666c77e2e
-
SHA256
dfb68130df0836d5b3de13e8a51a9af8946e026923f7d7babfca446d4fdb5b5f
-
SHA512
20693c27ccfdfe86ef213148ab994b72c5f3dd179d60dcb72fd0eb1af9893c02cc228d13b3ca6866550ea047662ddc6cfe6532dced9c866bb536079fa93e4a0f
-
SSDEEP
12288:GUe1E6jD/0LyZX6NsR4hu9rGJ31I+iZxMAW/7AKrm3BTPFhW0fbgndK41155opoE:pe1tD/PZX6nhy031IL7xHJ+Q41Ve
Static task
static1
Behavioral task
behavioral1
Sample
dfb68130df0836d5b3de13e8a51a9af8946e026923f7d7babfca446d4fdb5b5f.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
dfb68130df0836d5b3de13e8a51a9af8946e026923f7d7babfca446d4fdb5b5f.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1178979343360348200/8srcyWnVPB1bU5zRmsxn6NwwB7kc8tq5vYwH3zqeKSI4TK9S5wTPqoF5Rmm0xCs7rA6A
Targets
-
-
Target
dfb68130df0836d5b3de13e8a51a9af8946e026923f7d7babfca446d4fdb5b5f
-
Size
987KB
-
MD5
3efafe24f34c1b1b7f0c39943a6327d1
-
SHA1
3c8cfac5575c18d9ffe4a181a629d4c666c77e2e
-
SHA256
dfb68130df0836d5b3de13e8a51a9af8946e026923f7d7babfca446d4fdb5b5f
-
SHA512
20693c27ccfdfe86ef213148ab994b72c5f3dd179d60dcb72fd0eb1af9893c02cc228d13b3ca6866550ea047662ddc6cfe6532dced9c866bb536079fa93e4a0f
-
SSDEEP
12288:GUe1E6jD/0LyZX6NsR4hu9rGJ31I+iZxMAW/7AKrm3BTPFhW0fbgndK41155opoE:pe1tD/PZX6nhy031IL7xHJ+Q41Ve
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-