General

Target: a93309c8c29169e4d7b5d488a6a294fa02d4e9662fa9c73a9238cb490c1eac43
Size: 238KB
Sample: 231209-cby15seahr
MD5: 56f8612d6c1275d0d398610ff650e97e
SHA1: 939c49228c1bb5f841119e29063818dcb5b032f0
SHA256: a93309c8c29169e4d7b5d488a6a294fa02d4e9662fa9c73a9238cb490c1eac43
SHA512: e65eaa040dc04a402d2dce98fe3a752bfba5c2066355dcf573bc1e631e1df5fbcf25d6ab9a8e661374cbda53a876304bd7991f31407a31d558bb29a3e0c3900a
SSDEEP: 768:wwAbZSibMX9gRWjtwAbZSibMX9gRWj3WKeWJZOzJfnF2P:wwAlRkwAlRTKJQO

Static task: static1

Behavioral task: behavioral1
Sample: a93309c8c29169e4d7b5d488a6a294fa02d4e9662fa9c73a9238cb490c1eac43.rtf
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: a93309c8c29169e4d7b5d488a6a294fa02d4e9662fa9c73a9238cb490c1eac43.rtf
Resource: win10v2004-20231127-en

Malware Config

Extracted: agenttesla
https://api.telegram.org/bot6569205768:AAFWajgJdrA1uoTrZsNugbAxQG0czmFH64s/
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext