General
Target: c2397ab357eae308b98360110c809e8e63d48d7b8b88449615a5a252354b2c60
Size: 745KB
Sample: 240328-bpvp7sac25
MD5: a2fae54266cb96924d3a16fef3b39122
SHA1: 4b0507361804b6579d80642f3375604690bbf07b
SHA256: c2397ab357eae308b98360110c809e8e63d48d7b8b88449615a5a252354b2c60
SHA512: f94578821bf2755bacd9cb668f8df3554e4a7e7247eca32a3814abab7180d2060ed4a77a76fe12130c1aeba09bf95ac9a3e896ae4681ce2e9cf28951331c81af
SSDEEP: 12288:Hdyr89smmxgbHwwTkOk9SmRBR0dn2mL/8iHsbRgTsI0rtAjmaY:Hd+gfawTJatOt2mouGaY
Static task: static1
Behavioral task: behavioral1
Sample: c2397ab357eae308b98360110c809e8e63d48d7b8b88449615a5a252354b2c60.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot7192961923:AAEu0sYs8DVbOCj8GP81IJlqXCHjJ_Qooak/
Targets
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext