General
Target: 6d11fc6ab95eda61c3a3fdf4743f4593f60acf48220ed398432756c159d8b363
Size: 610KB
Sample: 231212-a98xwsdde7
MD5: 06c4eca63f1816ee76e02747315c740e
SHA1: 6808d6738c70b54ccbb5384c8b95fcc6aad930f1
SHA256: 6d11fc6ab95eda61c3a3fdf4743f4593f60acf48220ed398432756c159d8b363
SHA512: 167e38fb6187d997191599cd3f6b99aaac369bb3c5594f4d2ddd07376b6519eab5a033a0573df5c838f21d4c8becd3dad12b6119ddd633b69d06362839f62f3d
SSDEEP: 12288:CoNn68xWe0kORAE/c5zS7zCbRZlvZF8urSAeGOKCfocTCIk:CoNn68ZZORjcs7zCbRZlvZ+urSAeGOKR
Static task: static1
Behavioral task: behavioral1
Sample: Product Inquiry.exe
Resource: win7-20231129-en

Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6562806943:AAGufR13-622BXIjHsbpmkQygiIJA1Vo--c/
Targets
Target: Product Inquiry.exe
Size: 649KB
MD5: 82320975a05fc02962d8f29d073d50bc
SHA1: b31e63c7b87daecc376cfc69454a30c7ab418bc9
SHA256: 786635afea83fbd69d7f93f80258e903a99898bb053dece7fc64ece149e98497
SHA512: 1df900a2bf90261a93a202fc8cacf135a076a5145f140204d630531f31a4b71b5c4ba69888124909b0ebd75b27088ff3ba4012f30fe3882bad4a1aae9a8183a2
SSDEEP: 12288:523IU8S6eUd0luizqn+7XvO4Lso9frAib61dLRZl5xF8KrSGcGIJ8BiwL93PXx0:5MItSAdBizq8vxIoBZYLRZl5x+KrSGcN
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext