General
-
Target
229ec7247f6417ca029b4bac8fffbaffebcef4cf42bceff5c40bd15b6149e92b
-
Size
709KB
-
Sample
240327-cq6pjadd3y
-
MD5
4ebe659310f5d6aad2f68cc67f59e93a
-
SHA1
e626ac43353c8e558548b4498e2b34fed60f796b
-
SHA256
229ec7247f6417ca029b4bac8fffbaffebcef4cf42bceff5c40bd15b6149e92b
-
SHA512
6512737e8a03c8e70d1b0a08917f963ed5053662e7d6bfdfef5ab3f583c01e2b8ee8ae6c02cba0857ca744144897e4cb13ba0db6201dec46daf5fa280847ab21
-
SSDEEP
12288:6CqyJa5W6OxpQHec9WEXIATom/YjKVKAvJ25dU6fTDQc1A7Tsjr6V1iY3n:dqyb6vHe0XBTosAAx25280oA74raZ3
Malware Config
Extracted
agenttesla
https://discordapp.com/api/webhooks/1209079326381703258/KMWScJ3_PST6cUhH_FpNX9xquPQydoTw5ra7lQhfDovLGBW7jR_Rk634D6j1s1IOLj61
Targets
-
-
Target
229ec7247f6417ca029b4bac8fffbaffebcef4cf42bceff5c40bd15b6149e92b
-
Size
709KB
-
MD5
4ebe659310f5d6aad2f68cc67f59e93a
-
SHA1
e626ac43353c8e558548b4498e2b34fed60f796b
-
SHA256
229ec7247f6417ca029b4bac8fffbaffebcef4cf42bceff5c40bd15b6149e92b
-
SHA512
6512737e8a03c8e70d1b0a08917f963ed5053662e7d6bfdfef5ab3f583c01e2b8ee8ae6c02cba0857ca744144897e4cb13ba0db6201dec46daf5fa280847ab21
-
SSDEEP
12288:6CqyJa5W6OxpQHec9WEXIATom/YjKVKAvJ25dU6fTDQc1A7Tsjr6V1iY3n:dqyb6vHe0XBTosAAx25280oA74raZ3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-