General
-
Target
731adf7ac51c45d16b4eabb8a2cba5789498f52e355cbe278cb54172ecc884f2
-
Size
500KB
-
Sample
240322-cpxegafb44
-
MD5
e50c647ade760bb34458f4a23458da14
-
SHA1
cc1f2cebabc8fb3208818b2028b18b0040e2c229
-
SHA256
731adf7ac51c45d16b4eabb8a2cba5789498f52e355cbe278cb54172ecc884f2
-
SHA512
01b4dc95023981513e8912b37c5ba5aa6b9c232c8c80dbd50e6930c9b9a334a9ea3c09b87c978a22c18f1251488e32b639780d5f749b1067cfab11f29319c5c3
-
SSDEEP
3072:/S6MBoglFU8uT14K5BjWUzpsYyjxh4H444lM:/8BoO+T4KOO6f4H444l
Behavioral task
behavioral1
Sample
1C24TNN_00000014.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1C24TNN_00000014.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7065574915:AAGqdyBoQ1HUjGuLPU7BdeGxB07q15OCF18/
Targets
-
-
Target
1C24TNN_00000014.exe
-
Size
448KB
-
MD5
241036b62b644433eeda9f4bf4c8dc40
-
SHA1
57e00fd86695049639168c22fb5bb9ab9136a7fe
-
SHA256
9153a8b3b10c014b57d836be98255e8747f3ee4d933c8ed1980cde09d5dec0e9
-
SHA512
28097d26167483c9dc57230875bd551985278fb452ba74e7e0914ddb9c3894ff27e7cf088b6b2cdbb2054a52001c540c3c89119b010e9f3201ec4e284b96dae1
-
SSDEEP
3072:HS6MBoglFU8uT14K5BjWUzpsYyjxh4H444lM:H8BoO+T4KOO6f4H444l
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect ZGRat V1
-
PureLog Stealer payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Suspicious use of SetThreadContext
-