General
-
Target
u1zBYqsipafStki.exe
-
Size
848KB
-
Sample
231207-vc4bcsdg48
-
MD5
0d3f3677ea8d45a57d725d61c71c172b
-
SHA1
be4ca1e7e6a23784efce031f83c0232141cd0718
-
SHA256
7c57d141f4c57d4ab30efd69206dc0a236ed915b2dbc437a9305b860e66e8a3c
-
SHA512
6b4fd4ac87b2d64881986dacf956a1aa3ec8e7cb351cc58d512e5b48c61a1ee5b2e69b264e4b8ec549211f5a29b35eb883e3e2cf79decd89467a07c069f36226
-
SSDEEP
12288:MaqvKgABiOX57dhpovj+6xuXvQDX7xRRVHZUvKeUtfysEa7ueH5qTIx:2OX5ZhSrXiQDFRRoZU5dEapq2
Static task
static1
Behavioral task
behavioral1
Sample
u1zBYqsipafStki.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
u1zBYqsipafStki.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6488735902:AAFjq98r8SzTcc0BHWZQiLUk749fQ78ULos/
Targets
-
-
Target
u1zBYqsipafStki.exe
-
Size
848KB
-
MD5
0d3f3677ea8d45a57d725d61c71c172b
-
SHA1
be4ca1e7e6a23784efce031f83c0232141cd0718
-
SHA256
7c57d141f4c57d4ab30efd69206dc0a236ed915b2dbc437a9305b860e66e8a3c
-
SHA512
6b4fd4ac87b2d64881986dacf956a1aa3ec8e7cb351cc58d512e5b48c61a1ee5b2e69b264e4b8ec549211f5a29b35eb883e3e2cf79decd89467a07c069f36226
-
SSDEEP
12288:MaqvKgABiOX57dhpovj+6xuXvQDX7xRRVHZUvKeUtfysEa7ueH5qTIx:2OX5ZhSrXiQDFRRoZU5dEapq2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-