General
Target: Delivery Note.rar
Size: 255KB
Sample: 231208-t6jndacgg5
MD5: 576793b5fb46246819debd10efdec957
SHA1: ebf12fb28586b9597085923878195a9e24d192d2
SHA256: db5fe4e4b01294d131cd68de0cb8acf346973de35d138224fd69ce33e129fb13
SHA512: f71494f19d420f585e32b9ff209762911302ef1efa0d23226757854c3f421e5c2fdd6c03b71ab64893a0273bb6ad64c4f494de009c3ef0ad681b7f27fb6e0123
SSDEEP: 6144:Ld2QvaPw5P4s+d1M3QNXzbAQ8c7rq+Q2kIKeq0yqsE3v5E:LwQvB5g/jMghkQg56yqskK
Static task: static1
Behavioral task: behavioral1
  Sample: afro76tyg.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: afro76tyg.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6669461375:AAGwrSGDuGS4lzGe3ziI4ubZc9TzQ8r1m8o/
Targets
Target: afro76tyg.exe
Size: 334KB
MD5: 20ca3c6b39bae2b654b976d0577405d8
SHA1: 6eff448ec998ed4499f312b4ab93801a6707267a
SHA256: 897f63b1e9aa84952f2412533fece39161f4fb4ee3077ee5d430ffc13a4383c7
SHA512: 04a5f89053555e2a4fe86fa109fa5cebe42103acb4bc1d683b88c4a6095b4bcd6a18d492a019200991cf2affb74485330c0ae6a72ba6041254c512effe978b16
SSDEEP: 6144:hEkP48HVp1FKYWxDPzLyNMVDAcdfPg93Sw9Z7zLtX6s5kO+Bm9clq61:hEZ8HVpPKFSNI84493SWbXH5kSilq
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext