General
-
Target
2d631e09274afb5c231bd6d7f6a7c26922a0fa3176ba5837d3be82469fa6e6ebexe.exe
-
Size
642KB
-
Sample
231207-yasnmaeh54
-
MD5
2df1ab727bfa05dba560693967a5a9bb
-
SHA1
fe97cd5670652a7e20c40be79b3758d1217ec9c9
-
SHA256
2d631e09274afb5c231bd6d7f6a7c26922a0fa3176ba5837d3be82469fa6e6eb
-
SHA512
c1ab982fbb2ce8a79b750059e7925cbd84592461f01297bef8e528f3a35b3eeacdc0b98ac2db4aea36c05fddb700332a9a7361476a2baf36f78f3cded3b86b52
-
SSDEEP
12288:3zhQaueH5qAmB3aNOcEwoxy8760I23AY0fR94NOai+Sgwdk51AyxIen:3zfq10krxj760I23HER94gaSgwO1Nr
Static task
static1
Behavioral task
behavioral1
Sample
2d631e09274afb5c231bd6d7f6a7c26922a0fa3176ba5837d3be82469fa6e6ebexe.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
2d631e09274afb5c231bd6d7f6a7c26922a0fa3176ba5837d3be82469fa6e6ebexe.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1181759713713602600/iHsQ6OYa_KMNpOIA7OYiDu7j9BWVVvJ0gcEWr8VRve7tDH1TR5LRILIK1jr1NG5T-29a
Targets
-
-
Target
2d631e09274afb5c231bd6d7f6a7c26922a0fa3176ba5837d3be82469fa6e6ebexe.exe
-
Size
642KB
-
MD5
2df1ab727bfa05dba560693967a5a9bb
-
SHA1
fe97cd5670652a7e20c40be79b3758d1217ec9c9
-
SHA256
2d631e09274afb5c231bd6d7f6a7c26922a0fa3176ba5837d3be82469fa6e6eb
-
SHA512
c1ab982fbb2ce8a79b750059e7925cbd84592461f01297bef8e528f3a35b3eeacdc0b98ac2db4aea36c05fddb700332a9a7361476a2baf36f78f3cded3b86b52
-
SSDEEP
12288:3zhQaueH5qAmB3aNOcEwoxy8760I23AY0fR94NOai+Sgwdk51AyxIen:3zfq10krxj760I23HER94gaSgwO1Nr
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-