General
-
Target
e05b1662469dd0a2e099a46bd80a3227
-
Size
1.1MB
-
Sample
240327-azzlgaah9w
-
MD5
e05b1662469dd0a2e099a46bd80a3227
-
SHA1
14ed87f0d91d12abe03eadf5081aeabef39c593b
-
SHA256
4a351a247b91bf13eb32ed2f496f1e40befb2ada364e27b8c4e58a9451b2f227
-
SHA512
f9ce31511c26410bf5eb909e60f8b02313932d83b13008e46b51fe2fbf40edbc9265bb5cc3de8920b8fcade84050ad19ced946f6b8cd0e8d8b66a5a4d2cad5a4
-
SSDEEP
12288:0yqPa0pZclO6Bd12avbhb3MBK7z3pYqd2wR4P75h1v3lfCsqb6OnW1R:0IeZc8o9tM+Nxd2pP5v3hCs46ZR
Static task
static1
Behavioral task
behavioral1
Sample
e05b1662469dd0a2e099a46bd80a3227.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
e05b1662469dd0a2e099a46bd80a3227.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1916969851:AAE6bbnxzDCrRvYOe28VWQGZGiRjZVHf_iY/sendDocument
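The extracted config is a Telegram Bot API upload endpoint, which is how this AgentTesla build exfiltrates stolen data. The following is an added example (not part of the sandbox report) that turns that URL into usable network IOCs: it splits the Bot API path into bot id, full token and method, then runs over proxy log lines to flag an exact hit on this bot token and, more generally, any file-upload call to `api.telegram.org` from a host. The log line format (`client method url`) and the log entries are constructed for the example; only `EXTRACTED_C2` comes from the report.

```python
import re
from urllib.parse import urlsplit

# The C2 value exactly as the sandbox extracted it (from the report above).
EXTRACTED_C2 = ("https://api.telegram.org/bot1916969851:"
                "AAE6bbnxzDCrRvYOe28VWQGZGiRjZVHf_iY/sendDocument")

# Telegram Bot API path layout: /bot<numeric id>:<secret>/<method>
_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")


def parse_telegram_c2(url):
    """Split a Bot API URL into host, bot id, token and method.

    Returns None for anything that is not an HTTPS call to api.telegram.org
    with a well-formed /bot<token>/<method> path.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if m is None:
        return None
    return {
        "host": parts.hostname,
        "bot_id": m.group("bot_id"),
        "token": m.group("bot_id") + ":" + m.group("secret"),
        "method": m.group("method"),
    }


# Upload methods a stealer uses to push archives and screenshots; plain
# sendMessage traffic is far noisier, so it is deliberately left out.
_EXFIL_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio"}


def classify_request(url, known_token):
    """Return 'known_c2', 'telegram_upload', or None for one proxied URL."""
    info = parse_telegram_c2(url)
    if info is None:
        return None
    if info["token"] == known_token:
        return "known_c2"            # exact match on this sample's bot
    if info["method"] in _EXFIL_METHODS:
        return "telegram_upload"     # same technique, different (rotated) bot
    return None


def scan_proxy_log(lines, known_token):
    """Scan constructed 'client method url' lines; return (client, url, verdict) hits."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        client, url = fields[0], fields[2]
        verdict = classify_request(url, known_token)
        if verdict:
            hits.append((client, url, verdict))
    return hits


# Constructed log lines for the example, not taken from the report.
SAMPLE_LOG = [
    "10.0.0.15 POST https://api.telegram.org/bot1916969851:AAE6bbnxzDCrRvYOe28VWQGZGiRjZVHf_iY/sendDocument",
    "10.0.0.22 POST https://api.telegram.org/bot5550001:ZZZZZZZZZZ/sendPhoto",
    "10.0.0.31 GET  https://api.telegram.org/bot5550002:YYYYYYYYYY/getUpdates",
    "10.0.0.40 GET  https://example.org/bot1916969851:AAE6bbnxzDCrRvYOe28VWQGZGiRjZVHf_iY/sendDocument",
]

if __name__ == "__main__":
    token = parse_telegram_c2(EXTRACTED_C2)["token"]
    for client, url, verdict in scan_proxy_log(SAMPLE_LOG, token):
        print(f"{verdict:16} {client} {url}")
```

Blocking `api.telegram.org` outright is rarely acceptable, so the two-tier verdict matters: the token match is a high-confidence indicator for this campaign, while the generic upload-method match catches re-keyed builds at the cost of reviewing legitimate bot traffic. Note that the bot token is a live credential for the attacker's bot; treat it as an IOC, not as something to interact with.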
Targets
-
Target
e05b1662469dd0a2e099a46bd80a3227
-
Size
1.1MB
-
MD5
e05b1662469dd0a2e099a46bd80a3227
-
SHA1
14ed87f0d91d12abe03eadf5081aeabef39c593b
-
SHA256
4a351a247b91bf13eb32ed2f496f1e40befb2ada364e27b8c4e58a9451b2f227
-
SHA512
f9ce31511c26410bf5eb909e60f8b02313932d83b13008e46b51fe2fbf40edbc9265bb5cc3de8920b8fcade84050ad19ced946f6b8cd0e8d8b66a5a4d2cad5a4
-
SSDEEP
12288:0yqPa0pZclO6Bd12avbhb3MBK7z3pYqd2wR4P75h1v3lfCsqb6OnW1R:0IeZc8o9tM+Nxd2pP5v3hCs46ZR
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic, that harvests credentials, keystrokes and screenshots and exfiltrates them over SMTP, FTP, HTTP or (as here) the Telegram Bot API.
-
AgentTesla payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (refusing to run on machines in certain regions).
-
Accesses Microsoft Outlook profiles
Reads Outlook profile data from the registry, where stored mail account settings and credentials are harvested for exfiltration.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is characteristic of process hollowing (RunPE), commonly used by AgentTesla loaders to run the decrypted payload inside a legitimate host process.
-