General
Target: 17d3d953d8fabc5433929f4c8b9cddf8f6f266353a80887d6643bfd3a0a93f25
Size: 1.2MB
Sample: 240327-b4fvlahd82
MD5: 9c57049a843ccd1bf961a31f3a07640a
SHA1: ff4ff906be4f57cfb3475ab6924b86fbe418f67c
SHA256: 17d3d953d8fabc5433929f4c8b9cddf8f6f266353a80887d6643bfd3a0a93f25
SHA512: 82ccf20a24a105cc2f1127da78fe66051dc6c4e9e9b3f2931739cb06b695d769d0ffc7f0d84677febd6b3544bd4365f553e780d78ff04586d3630423abdd5aa8
SSDEEP: 3072:kahRrgvH6Sn0Kpt0Ifi+neNrP1gnrV2GCs11IxDdLNf+eyRBmZggHRzjS9b1yOcG:XhVS0tIfZeNpgB25s1CnBwmZB/S9pkB
Static task: static1
Behavioral task: behavioral1
  Sample: Rimessa _Swift_Copy_104.bat
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: Rimessa _Swift_Copy_104.bat
  Resource: win10v2004-20240226-en
Malware Config
Extracted family: agenttesla
C2 (Telegram bot API endpoint): https://api.telegram.org/bot7132889766:AAFJvPkiK-1rv-CJQ2hQXEL_CYzO_zi018g/
Targets
Target: Rimessa _Swift_Copy_104.bat
Size: 190KB
MD5: 9c8e718ad44b4580a60af5297036b3b2
SHA1: c399ac2601b440e518eb778609986ea54c218ccf
SHA256: de6511f08ed03c52a930a8825a34ff72bfc54d51110a4412a3f656a0da4b1f49
SHA512: 435c2e21ba8c3fa46421fd259ca4a8044eedbaec9c902b2e6b63b4c5716cb18aaf9578c5e8bb6bef0b8e4031d24c5f1b4fb8d264e2e21c45b0a6847dca0c451c
SSDEEP: 3072:ehRrgvH6Sn0Kpt0Ifi+neNrP1gnrV2GCs11IxDdLNf+eyRBmZggHRzjS9b1yOcOA:ehVS0tIfZeNpgB25s1CnBwmZB/S9pkBr
Score: 10/10
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Drops startup file
Suspicious use of SetThreadContext