General
-
Target
9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6
-
Size
5KB
-
Sample
231208-c2187agg68
-
MD5
307250be963257c7e18a3252e4bd74d4
-
SHA1
568d3fd58dfbd7140aae6a7840460b343c83c13f
-
SHA256
9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6
-
SHA512
71bbc3c7013730683d33c594613dc831c337ca0298975f42705e92afeb2c34b78b166820f4f4b05480f4673c626d0f81c40372090627a76562454e1a8fade484
-
SSDEEP
48:6Qi+hmUGDJrNHIjfe6DSfAEnwgKgwoWz6Ao/CIjfdUhLQIfhsFwQpsVtiOlSDqFQ:G7lrZIjG6DSfA/dgwo/pf8Bhrt0ozNt
Static task
static1
Behavioral task
behavioral1
Sample
9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6414995176:AAGuFTS3tKhdeIu6sCNhCNw8cv7vkPJh1TQ/
Targets
-
-
Target
9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6
-
Size
5KB
-
MD5
307250be963257c7e18a3252e4bd74d4
-
SHA1
568d3fd58dfbd7140aae6a7840460b343c83c13f
-
SHA256
9bdd0e7c37eeae0f6d4da635e9c856fb2e009aa7ed59777f33776ff89066fba6
-
SHA512
71bbc3c7013730683d33c594613dc831c337ca0298975f42705e92afeb2c34b78b166820f4f4b05480f4673c626d0f81c40372090627a76562454e1a8fade484
-
SSDEEP
48:6Qi+hmUGDJrNHIjfe6DSfAEnwgKgwoWz6Ao/CIjfdUhLQIfhsFwQpsVtiOlSDqFQ:G7lrZIjG6DSfA/dgwo/pf8Bhrt0ozNt
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-