General
-
Target
e240139a207773b24047ce352998870ba5db138ddeee2f03983e2e0b95ba7cdb
-
Size
636KB
-
Sample
240327-y1qa7abb53
-
MD5
5b267b3ced989c8eb1f5c12615070ab8
-
SHA1
19b49ce5e2473fda916815fa1156e6e04a1d7ed0
-
SHA256
e240139a207773b24047ce352998870ba5db138ddeee2f03983e2e0b95ba7cdb
-
SHA512
940adedcb69b9a10555239b8d81b7811e851650b0ce2e443a6b5e650b088af28ca26812173a9c0533ce7f980407ff24d8c84677d19b177d1ad1996cc5ed13042
-
SSDEEP
12288:R+b2BC0W57MCntcrGKqPq4dhj1HlfQhuQcvhOmyvbLKI:U2B+yCCrlqC4PvQ5Fnvv
Static task
static1
Behavioral task
behavioral1
Sample
e240139a207773b24047ce352998870ba5db138ddeee2f03983e2e0b95ba7cdb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e240139a207773b24047ce352998870ba5db138ddeee2f03983e2e0b95ba7cdb.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6890953843:AAESDeAPFWFuXjE5oUpLiVkGoZxJQbW2ZFE/
Targets
-
-
Target
e240139a207773b24047ce352998870ba5db138ddeee2f03983e2e0b95ba7cdb
-
Size
636KB
-
MD5
5b267b3ced989c8eb1f5c12615070ab8
-
SHA1
19b49ce5e2473fda916815fa1156e6e04a1d7ed0
-
SHA256
e240139a207773b24047ce352998870ba5db138ddeee2f03983e2e0b95ba7cdb
-
SHA512
940adedcb69b9a10555239b8d81b7811e851650b0ce2e443a6b5e650b088af28ca26812173a9c0533ce7f980407ff24d8c84677d19b177d1ad1996cc5ed13042
-
SSDEEP
12288:R+b2BC0W57MCntcrGKqPq4dhj1HlfQhuQcvhOmyvbLKI:U2B+yCCrlqC4PvQ5Fnvv
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-