General
Target: e353803a7a2b04eb7cb26f475050de1702f56ce2fee2386d09790bc6d33108ad
Size: 1.5MB
Sample: 240328-ccwbmscg7x
MD5: 063b99ed9266ad0a9e72d1ae3a5a0d7d
SHA1: cdb7262b70bdf74c5965d31f9a74ffe988f4c038
SHA256: e353803a7a2b04eb7cb26f475050de1702f56ce2fee2386d09790bc6d33108ad
SHA512: 7e9c1471c741b42bc138c7be8c47d4a666a720d3b8e657e58a3bdd19efeaaf990ad285590f44088965b66662eedaa2545eec9fa4afd857430b41d79be5b7e24b
SSDEEP: 12288:dbPngUuDdw6O3nlozYHNpJ6LHszuFYv6XFgTbfELyQgHIefWAs:dbPRuRw68nlPtr6l1GfEbK3+L
Static task: static1
Behavioral task: behavioral1
Sample: Tender RFQ.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Tender RFQ.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6834342758:AAHnpbyPCzi-sEo22oVL6DdX9cuTElu_WyA/
Targets
Target: Tender RFQ.exe
Size: 810.6MB
MD5: e4a6bda9ed47c81b819f8addd8206bcd
SHA1: f1f8281a34be44f66d26bbbe30a70f1929a04813
SHA256: 49cca3ae4113512cf93f611f37ab2a9bf7dc8ce6202083f9ba7d45dbde634682
SHA512: 0497e79e43aeee8de89e1f0c6d533227aaed27088cfae4a7a40dee87057ff8e163f044d63f48e583736e165e5e04d3f602aa5129fd30b2b5bfd625450f11967c
SSDEEP: 12288:sbPngQuFdk6Wjn1ozqZN9N6jHszKpIFzdgLbjE/yo3L0r+4Byna5W:sbPluTk6Gn1n336OZMjESr1Yt
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext