General
- Target: a573fef04d3e3afefd879c021bc35636fea5bca4a9cbd8bc14329916c0f36c25
- Size: 642KB
- Sample: 231213-b6tjgaechp
- MD5: a15d5ae3669199a90d2f3a3192d7a4a9
- SHA1: 0480c7b833d3bc9792ad7484fffe0a6873809e1f
- SHA256: a573fef04d3e3afefd879c021bc35636fea5bca4a9cbd8bc14329916c0f36c25
- SHA512: 927b07abef62984f53db68236301974b8cba5c076ed0b2fcc2a453a4ba51c45b20b34950f17d7bba02cd68eb07a9b09cc8472f0220b80277c60fd0747c50b759
- SSDEEP: 12288:SYitwbtwoZV2JnUj9Pz9U1e/a3dKY9jz4zX+olfm6LFlMXnYaeM5W4Wn8GHlA:ntBZKnUj9rC1Qatv8zXHdLDMXpV5W4Wa
Static task: static1
Behavioral task: behavioral1
- Sample: 200-8888-000000-111111-99999-0909.exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: 200-8888-000000-111111-99999-0909.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
- Exfiltration URL (Telegram Bot API; the path carries the attacker's bot token): https://api.telegram.org/bot6951347694:AAFNQsyUSI3cANPz4_GPvhuwkgXsMAsB41o/
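The extracted config above is a Telegram Bot API URL, so the useful indicator is the bot token embedded in the URL path rather than the host, which is shared with legitimate Telegram bot traffic. The following is an added example (not code from the sandbox report or from Agent Tesla) that parses a URL of that shape into indicators and runs a simple detection over proxy log lines. The token, the log lines and the log format are constructed for the example, and the `sendDocument` upload endpoint is an assumption about the common Telegram-exfil build that should be confirmed against the sample's network capture.

```python
"""Added example (not part of the sandbox report or of Agent Tesla itself):
turn an extracted Telegram Bot API URL into indicators and a detection.

Assumptions, also marked inline: the sample token, proxy log lines and
log format are constructed; sendDocument is assumed to be the upload
method and should be confirmed against the sample's PCAP.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# A Telegram bot token is "<numeric bot id>:<35-char secret>". The Bot API
# carries the whole token in the URL path, so the token itself is the IoC
# and whoever holds it (defender included) can read the bot's updates.
BOT_PATH_RE = re.compile(
    r"/bot(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{35})(?=/|$)"
)


@dataclass(frozen=True)
class TelegramC2:
    host: str
    bot_id: str   # public numeric id of the attacker-controlled bot
    token: str    # full secret; handle as sensitive, it grants bot control


def parse_telegram_c2(url: str) -> Optional[TelegramC2]:
    """Parse a config URL of the shape shown in the report's Malware Config."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.search(parts.path)
    if m is None:
        return None
    return TelegramC2(parts.hostname, m["bot_id"], f"{m['bot_id']}:{m['secret']}")


def c2_iocs(c2: TelegramC2) -> Dict[str, str]:
    """Indicators to feed blocklists and detection content."""
    return {
        "host": c2.host,
        "url_path_prefix": f"/bot{c2.token}/",
        "bot_id": c2.bot_id,
        # Assumption: the stolen data is uploaded with sendDocument.
        "likely_upload_endpoint": f"https://{c2.host}/bot{c2.token}/sendDocument",
    }


def flag_bot_api_traffic(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, bot_id) for requests to api.telegram.org/bot<token>/.

    Ordinary Telegram clients speak MTProto to Telegram's own hosts, not the
    HTTPS Bot API, so a user workstation calling /bot<token>/ is worth an
    alert on its own. Constructed log format:
    "<ts> <client_ip> <method> <url> <status>".
    """
    hits: List[Tuple[str, str]] = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        client_ip, url = fields[1], fields[3]
        parts = urlsplit(url)
        if parts.hostname != "api.telegram.org":
            continue
        m = BOT_PATH_RE.search(parts.path)
        if m is not None:
            hits.append((client_ip, m["bot_id"]))
    return hits


# Constructed sample data: the token and the log lines are invented for this
# example and only mimic the shape of the URL in the report.
SAMPLE_CONFIG_URL = (
    "https://api.telegram.org/bot123456789:AAExampleExampleExampleExampleExamp/"
)
SAMPLE_PROXY_LOG = [
    "2023-12-13T09:01:02Z 10.0.0.15 GET https://example.com/ 200",
    "2023-12-13T09:01:05Z 10.0.0.15 POST "
    "https://api.telegram.org/bot123456789:AAExampleExampleExampleExampleExamp/sendDocument 200",
    "2023-12-13T09:02:10Z 10.0.0.22 GET https://web.telegram.org/ 200",
]

if __name__ == "__main__":
    c2 = parse_telegram_c2(SAMPLE_CONFIG_URL)
    print(c2_iocs(c2))
    print(flag_bot_api_traffic(SAMPLE_PROXY_LOG))
```

The detection keys on the `/bot<id>:<secret>/` path prefix rather than on the host: blocking `api.telegram.org` outright breaks legitimate bot integrations, while a workstation posting to a bot token path is rarely anything but exfiltration. The matched `bot_id` is the non-secret half of the token and is safe to share in reports and blocklists.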
Targets
- Target: 200-8888-000000-111111-99999-0909.exe
- Size: 674KB
- MD5: 28c00635cfc915ef65aa9ae781b3ba29
- SHA1: f7ca0c543bd26d970ad8d79b5d04260db00da862
- SHA256: dec9e3d82728245f93f270ca561bc1328e7fc64c2da9dc4d07033070262ce7c1
- SHA512: b492f4d738c3c70fbab11dfe546bada4ce80126893bf5987565fe78f2ef391a515102cca2939f17f67025fdcfea09fbe4cf0c387430ad1a688214ee57c578102
- SSDEEP: 12288:8r6Gu+4WpAEFy7NyoZDUx8939KO7KYL4Ggwz4zX++lrmmLFx8XnYaeM1Zq9dg8+C:Y1pAEgZo+9tH7l4GZ8zXDvLb8XpV/+dU
- AgentTesla: Agent Tesla is an information stealer and remote access tool (RAT) written in .NET.
- Detect ZGRat V1
- Adds Run key to start application: persistence via a Run value under the registry's CurrentVersion\Run key, so the payload is relaunched at each logon.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, which Agent Tesla includes in the victim information it exfiltrates.
- Suspicious use of SetThreadContext: this API rewrites a thread's register set, including the instruction pointer, and is the usual final step of process hollowing, where a legitimate process is started suspended, its image is replaced with the payload and the main thread is pointed at the new entry point before it is resumed.
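The "Adds Run key to start application" finding is the one an incident responder can check quickly on other hosts. The following is an added example (not code from the sandbox report or from Agent Tesla) that parses a `reg export` of the Run/RunOnce keys and flags values whose executable lives in a user-writable directory or masquerades as a Windows system binary outside System32. The `.reg` text, its value names and its paths are constructed for the example; the report does not state which Run value the sample writes.

```python
"""Added example (not part of the sandbox report or of Agent Tesla itself):
triage the "Adds Run key" finding from a registry export.

Assumptions, also marked inline: the .reg text is constructed and its
value names and paths are invented; the report does not state which Run
value the sample writes.
"""
import re
from dataclasses import dataclass
from typing import List

RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
# Directories a standard user can write to: a Run value pointing here is the
# usual low-privilege persistence pattern of commodity stealers.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "\\programdata\\", "\\downloads\\")
# System binary names that should only ever live under System32.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}

# "name"="data" lines of a .reg export; backslashes and quotes are escaped with '\'.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    image: str
    reasons: List[str]   # empty means nothing suspicious was found


def _unescape(s: str) -> str:
    # .reg escaping: '\\' -> '\', '\"' -> '"'
    return re.sub(r"\\(.)", r"\1", s)


def image_path(command: str) -> str:
    """Executable of a Run command line: quoted path, else the shortest
    prefix ending in .exe (unquoted paths with spaces), else first token."""
    m = (re.match(r'^"([^"]+)"', command)
         or re.match(r"^(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
         or re.match(r"^(\S+)", command))
    return m.group(1) if m else command


def parse_run_keys(reg_text: str) -> List[RunEntry]:
    entries: List[RunEntry] = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or not key.lower().endswith(RUN_KEYS):
            continue
        m = VALUE_RE.match(line)
        if m is None:
            continue  # default value, hex:/dword: data or blank line
        name, command = _unescape(m.group(1)), _unescape(m.group(2))
        image = image_path(command)
        low = image.lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("user-writable directory")
        if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
            reasons.append("system binary name outside System32")
        entries.append(RunEntry(key, name, command, image, reasons))
    return entries


def suspicious_run_entries(reg_text: str) -> List[RunEntry]:
    return [e for e in parse_run_keys(reg_text) if e.reasons]


# Constructed sample: a fragment of `reg export` output with one legitimate
# AppData-resident program, one masquerading stealer-style entry and one
# machine-wide entry under Program Files.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Program Files\\Windows Defender\\MSASCuiL.exe"
'''

if __name__ == "__main__":
    for e in suspicious_run_entries(SAMPLE_REG):
        print(f"{e.key}\\{e.name}: {e.image} -> {', '.join(e.reasons)}")
```

The user-writable heuristic is deliberately noisy: the constructed OneDrive entry is flagged too, because legitimate per-user installers also live under AppData. Treat the output as a triage list and confirm each hit by hashing the image and comparing it with the MD5/SHA256 values in this report and by checking its Authenticode signature; the "system binary name outside System32" reason is the higher-confidence signal.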