General
Target: 013288d86412f1ab6839deb1562ec98ba6dad27e0e847a1a7b5526a7737a62d7
Size: 620KB
Sample: 240328-bj1n9scd8t
MD5: 6aff7fae411e1e1f8619f554512d6c91
SHA1: 66970f2a85c3c2fbf27b8fd85ffa6089eceaeabc
SHA256: 013288d86412f1ab6839deb1562ec98ba6dad27e0e847a1a7b5526a7737a62d7
SHA512: aebbec988c1f18701707b693a7bc88aac612c1610edb8809e65737297c487572986523edd2cde5dc6524f4c7476da06bbb6350dccfd881c4df8b6790d97231be
SSDEEP: 12288:3YFP0VEOR1PSrJJ1KkEGzcQVfukwgjPaxi10YtFnnL7Wu/NkDqD:3WO3SrJJ1pXVfuOiKJW0P
Static task: static1
Behavioral task: behavioral1
Sample: 013288d86412f1ab6839deb1562ec98ba6dad27e0e847a1a7b5526a7737a62d7.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot7131275962:AAE-dJRIntufGLICZWLXrTBpxMw_24XDbCc/
Targets
Target: 013288d86412f1ab6839deb1562ec98ba6dad27e0e847a1a7b5526a7737a62d7 (size and hashes as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext