General
- Target: 6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8
- Size: 811KB
- Sample: 231206-dbfp8sae42
- MD5: f88da6b08e7e83728c59a1e0e35cf824
- SHA1: 9768ed54c0bccb34b682d94d7be28ba9ed9e0afc
- SHA256: 6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8
- SHA512: 3e2939f76619cdd5170213ff64962de392b6db5f867b831eed59478965af5b6f9f3911f8515124443a3effc5f79032013ba86cd1ece114341ec612c613bae794
- SSDEEP: 24576:zDKtD/61ItJpv4XvFaoFdaUELhvTIpIT:m6KtJpgfFaoFgD0
Static task
- static1
Behavioral task
- behavioral1
  Sample: 6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8.exe
  Resource: win7-20231023-en
Behavioral task
- behavioral2
  Sample: 6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted
- agenttesla
- https://discordapp.com/api/webhooks/1181498491458035742/1cF67FyYbH5hKZiQFxnepGP9ouAxF_JrbATJrR-c9cynhriJsqMv6wgLBGq6n67jkbl-
Targets
- Target: 6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8
- Size: 811KB
- MD5: f88da6b08e7e83728c59a1e0e35cf824
- SHA1: 9768ed54c0bccb34b682d94d7be28ba9ed9e0afc
- SHA256: 6121d9558ce41b80600fc6853d64772cd0b68ed05da452fcb4c709b256ed9bf8
- SHA512: 3e2939f76619cdd5170213ff64962de392b6db5f867b831eed59478965af5b6f9f3911f8515124443a3effc5f79032013ba86cd1ece114341ec612c613bae794
- SSDEEP: 24576:zDKtD/61ItJpv4XvFaoFdaUELhvTIpIT:m6KtJpgfFaoFgD0
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext