General
Target: 3c44e3848f7eb2087013d5154f25a9af9fa9130214dea033933584f08dcb7109
Size: 1.2MB
Sample: 231207-b5wbnsgfbl
MD5: 8ce770497b8a32c4c6bf8626ff6a1924
SHA1: 95214031768c1dd8411fa5af3649973c7d98177e
SHA256: 3c44e3848f7eb2087013d5154f25a9af9fa9130214dea033933584f08dcb7109
SHA512: a1584679d10fb439cb9b4650493c6375eaa3cf919511b72e0711f320e08e721758f218e806389bee67bcbc5e2ba0f97798b02fa899b8568145b28888a3c8172d
SSDEEP: 3072:IAgjT7lyimAFECy61CVJ1o+AeBImCytphGqsdo6pBA:/gH7lyim7CED5AeOdyqdo6p
Static task: static1
Behavioral task: behavioral1
  Sample: Avviso di Pagamento_ SEPA_Unicredit Bank_Pdf.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: Avviso di Pagamento_ SEPA_Unicredit Bank_Pdf.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6815919082:AAHg0w-xxR8W47F1m3szCzCr2P1b4AttF-E/
Targets
Target: Avviso di Pagamento_ SEPA_Unicredit Bank_Pdf.bat
Size: 192KB
MD5: c83e8d01fa4bb2a29de8757bab77c261
SHA1: fd996e799182968527ae6bbae5949f6970e41940
SHA256: 70599fe914edfb27f40868d4cab51383791548e119d48ea1cf2748362a623817
SHA512: be57ca047c5d909c7d792ef4c21936988da5f5a0667f7c5d89cdfa31f34579fd3dafb04f0a0d4054b7202cfdc4a8671157e31749c20276d0e40896f9b135186a
SSDEEP: 3072:vgjT7lyimAFECy61CVJ1o+AeBImCytphGqsdo6pBA:vgH7lyim7CED5AeOdyqdo6p
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext