General
-
Target
e0bb118e32fe6d449955756393afa330
-
Size
475KB
-
Sample
240327-ep6n9acd64
-
MD5
e0bb118e32fe6d449955756393afa330
-
SHA1
1bdc621270f6c44429d3c38468d3d0133cbba2d7
-
SHA256
1d205ed37114385fe95430f3380ac3ed1e26be3a78157577e9361ccf1d406ff8
-
SHA512
1867237fd6ed61a47113b5f2592873f00d43a5d5f9189afe4b66eaaebcac9c890e87f068b6d6ec586df5dab0439be7120417eecb27486ea94002e103be714d7b
-
SSDEEP
12288:1fX25LrCxNuYlcLzakllH7RaR00QH4L72oLCP26gvhrv/26k2dO:1fX25LrCxNuYlcNXt097bOkrv/2/0O
Static task
static1
Behavioral task
behavioral1
Sample
e0bb118e32fe6d449955756393afa330.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e0bb118e32fe6d449955756393afa330.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1850887036:AAH6KBVsKQqY803XMNw1ISD7pOs58OpZSho/sendDocument
Targets
Target
e0bb118e32fe6d449955756393afa330
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-