General
-
Target
83b34f0f0a0bdbc115ce0d7e44687ce16c35249650c9d242a646a5ed804fa2f1.exe
-
Size
656KB
-
Sample
240328-cwg85aag75
-
MD5
9949c58a8b33cbe0bcda599f0375f658
-
SHA1
3072f9c9d5f62ab5e8375cb51b6ce796977322dc
-
SHA256
83b34f0f0a0bdbc115ce0d7e44687ce16c35249650c9d242a646a5ed804fa2f1
-
SHA512
18949f9fc8092c04b4389b00109ea8d08ddb607d631e29902c9c92798950397453ff123f268f50d52732f6492ac7e22ca8a75091f70f2d1c9503f6e573308c1d
-
SSDEEP
12288:8H2iNlw0gPsV/68UditxkCOtzigHgYiJO/wwvJyMyXzN5tfd:C1XCcZttqCOtvHxiAVJy/nt
Static task
static1
Behavioral task
behavioral1
Sample
83b34f0f0a0bdbc115ce0d7e44687ce16c35249650c9d242a646a5ed804fa2f1.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
83b34f0f0a0bdbc115ce0d7e44687ce16c35249650c9d242a646a5ed804fa2f1.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7073576997:AAHjVtyF2bgE69UMVGiHWA3fZk0LIdp1j_Y/
Targets
-
-
Target
83b34f0f0a0bdbc115ce0d7e44687ce16c35249650c9d242a646a5ed804fa2f1.exe
-
Size
656KB
-
MD5
9949c58a8b33cbe0bcda599f0375f658
-
SHA1
3072f9c9d5f62ab5e8375cb51b6ce796977322dc
-
SHA256
83b34f0f0a0bdbc115ce0d7e44687ce16c35249650c9d242a646a5ed804fa2f1
-
SHA512
18949f9fc8092c04b4389b00109ea8d08ddb607d631e29902c9c92798950397453ff123f268f50d52732f6492ac7e22ca8a75091f70f2d1c9503f6e573308c1d
-
SSDEEP
12288:8H2iNlw0gPsV/68UditxkCOtzigHgYiJO/wwvJyMyXzN5tfd:C1XCcZttqCOtvHxiAVJy/nt
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with SmartAssembly
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-