General
-
Target
8c208bd1e64d961dc972c12d8736c7b5e2f532003fc8563c021e85a60f944833
-
Size
843KB
-
Sample
231208-c2s8ksgg67
-
MD5
2d3733aa2dcf9beccb8e64c5ed45ef86
-
SHA1
3735d31f58789144b4f2c819e9cc33b7c863b083
-
SHA256
8c208bd1e64d961dc972c12d8736c7b5e2f532003fc8563c021e85a60f944833
-
SHA512
87ccca3c4b7f33f7a4a95951d2e730a95cb4f3cf1ff86197a93175eda1eed57130283df5d299c29ceba633e5c4042c37ea01ca537888f5b6f47937e039a96a25
-
SSDEEP
12288:hfYNr4RaVxP45+po21SMs3KSA6lTCnBjDPbQYAxIUpu7b1h2Hzq:UVk+pJsMsKSA6BCnBzwIrPQz
Static task
static1
Behavioral task
behavioral1
Sample
8c208bd1e64d961dc972c12d8736c7b5e2f532003fc8563c021e85a60f944833.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
8c208bd1e64d961dc972c12d8736c7b5e2f532003fc8563c021e85a60f944833.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6547287693:AAGGgrnDvtLiSnFJxDycaluud9osnQGIN1E/
Targets
-
-
Target
8c208bd1e64d961dc972c12d8736c7b5e2f532003fc8563c021e85a60f944833
-
Size
843KB
-
MD5
2d3733aa2dcf9beccb8e64c5ed45ef86
-
SHA1
3735d31f58789144b4f2c819e9cc33b7c863b083
-
SHA256
8c208bd1e64d961dc972c12d8736c7b5e2f532003fc8563c021e85a60f944833
-
SHA512
87ccca3c4b7f33f7a4a95951d2e730a95cb4f3cf1ff86197a93175eda1eed57130283df5d299c29ceba633e5c4042c37ea01ca537888f5b6f47937e039a96a25
-
SSDEEP
12288:hfYNr4RaVxP45+po21SMs3KSA6lTCnBjDPbQYAxIUpu7b1h2Hzq:UVk+pJsMsKSA6BCnBzwIrPQz
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-