General
-
Target
121db390787d0adab89a8da7710fdd28a851551d5001083f9cadd3f77cb27b86
-
Size
1.1MB
-
Sample
231206-dn56naaf45
-
MD5
e59dd8e171a778ebb5f4069a96bc4a74
-
SHA1
e1a46b4481bed1583e0df095aeae3780f703a0e4
-
SHA256
121db390787d0adab89a8da7710fdd28a851551d5001083f9cadd3f77cb27b86
-
SHA512
0467648c0a211f2f70df47b691c5b9657c5864fe9210ed9699f2bed88ba8cbb642ff946ab7665171167953d5233a274b68293ea2d19fc1d2050c971ac59bf108
-
SSDEEP
12288:nKKE6jD/62iNG5nF8joRfSt5aLOrRQLjtTQw/YK+yQoUf+YtoLb3GWkVhuukUEJ:nKKtD/61IyoRqXaguR9/YBlWYib3GWD
Static task
static1
Behavioral task
behavioral1
Sample
121db390787d0adab89a8da7710fdd28a851551d5001083f9cadd3f77cb27b86.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
121db390787d0adab89a8da7710fdd28a851551d5001083f9cadd3f77cb27b86.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6827427845:AAHOR0NOvYU7lnFh3eGcH73r4l7P_lWKrdA/
Targets
-
-
Target
121db390787d0adab89a8da7710fdd28a851551d5001083f9cadd3f77cb27b86
-
Size
1.1MB
-
MD5
e59dd8e171a778ebb5f4069a96bc4a74
-
SHA1
e1a46b4481bed1583e0df095aeae3780f703a0e4
-
SHA256
121db390787d0adab89a8da7710fdd28a851551d5001083f9cadd3f77cb27b86
-
SHA512
0467648c0a211f2f70df47b691c5b9657c5864fe9210ed9699f2bed88ba8cbb642ff946ab7665171167953d5233a274b68293ea2d19fc1d2050c971ac59bf108
-
SSDEEP
12288:nKKE6jD/62iNG5nF8joRfSt5aLOrRQLjtTQw/YK+yQoUf+YtoLb3GWkVhuukUEJ:nKKtD/61IyoRqXaguR9/YBlWYib3GWD
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-