General
Target
d7cf5471f4c3d44991cfc1bc4f585c3d9ceeadd029d03c009d00635674dac3c4
Size
1.2MB
Sample
240329-bpbx4aec55
MD5
797de0a2f3961f15fab9df46d8cd3b9f
SHA1
09db4759342f0b94ebe3fb23475c7be2e92958fe
SHA256
d7cf5471f4c3d44991cfc1bc4f585c3d9ceeadd029d03c009d00635674dac3c4
SHA512
4124fec422ce48fb9d3695e1752a9d44a60c1464a7c30bb3e659221bd6e9728e16815ebed646768bb39ce6d933495e8348f24985237c173c3e450fd75858125a
SSDEEP
24576:/RmJkcoQricOIQxiZY1WNsQp7v954uMbyiJWHKAK5:UJZoQrbTFZY1WNsQ99quMbyfqx
Static task
static1
Behavioral task
behavioral1
Sample
d7cf5471f4c3d44991cfc1bc4f585c3d9ceeadd029d03c009d00635674dac3c4.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Exfiltration endpoint (Telegram Bot API; the path segment after "bot" is the bot ID and secret token the sample authenticates with):
https://api.telegram.org/bot6811787827:AAEr4cj8xrQKX5i6BnPzE4vzpRaL4EziTo4/
Targets
Target
d7cf5471f4c3d44991cfc1bc4f585c3d9ceeadd029d03c009d00635674dac3c4
Size
1.2MB
MD5
797de0a2f3961f15fab9df46d8cd3b9f
SHA1
09db4759342f0b94ebe3fb23475c7be2e92958fe
SHA256
d7cf5471f4c3d44991cfc1bc4f585c3d9ceeadd029d03c009d00635674dac3c4
SHA512
4124fec422ce48fb9d3695e1752a9d44a60c1464a7c30bb3e659221bd6e9728e16815ebed646768bb39ce6d933495e8348f24985237c173c3e450fd75858125a
SSDEEP
24576:/RmJkcoQricOIQxiZY1WNsQp7v954uMbyiJWHKAK5:UJZoQrbTFZY1WNsQ99quMbyfqx
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer: it harvests credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP, HTTP or, as the extracted config shows for this sample, the Telegram Bot API.
Detect ZGRat V1
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, typically so the address can be included in the exfiltrated report; the lookup itself is benign traffic, so it is only a useful signal when correlated with what the same host does next.
AutoIT Executable
AutoIt scripts compiled to PE executables.
Suspicious use of SetThreadContext
SetThreadContext overwrites another thread's register state, including the instruction pointer; paired with a suspended process and WriteProcessMemory it is the standard process-hollowing primitive, so this call is an injection indicator worth pivoting on in the behavioral trace.
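The extracted config above gives the Telegram Bot API endpoint this sample reports to, and the signature list records the external-IP lookup that typically precedes the send. The Python below is an added example, not part of this report or of the sandbox's own tooling: it pulls the bot ID out of that URL and hunts constructed proxy log lines for the lookup-then-exfil sequence, so that a re-deployed build with a fresh token is still caught. The log line format, the list of IP-lookup hosts, the second bot token and the client addresses are all assumptions made for the example.

```python
"""Hunt proxy logs for the Agent Tesla Telegram exfiltration pattern seen in this report."""
import re
from urllib.parse import urlparse

# Exfiltration endpoint copied from the Malware Config section of this report.
TELEGRAM_C2 = "https://api.telegram.org/bot6811787827:AAEr4cj8xrQKX5i6BnPzE4vzpRaL4EziTo4/"

# Telegram Bot API paths look like /bot<numeric id>:<secret>/<method>; the method
# is absent in the extracted config (the sample appends it at runtime).
BOT_PATH_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)(?:/(\w+))?")

# Assumed list of external-IP lookup services for this example (not from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io", "ip-api.com"}

# Assumed proxy log format: "<timestamp> <client> <method> <url> <status>".
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Bot API methods that carry data out (a file or text) rather than polling.
EXFIL_METHODS = {"sendDocument", "sendMessage"}


def parse_bot_url(url):
    """Return (bot_id, token, method) for a Telegram Bot API URL, else None."""
    u = urlparse(url)
    if (u.hostname or "").lower() != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(u.path)
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3)


def classify(url):
    """Tag a URL as ('telegram_bot', (id, token, method)), ('ip_lookup', host) or None."""
    bot = parse_bot_url(url)
    if bot:
        return "telegram_bot", bot
    host = (urlparse(url).hostname or "").lower()
    if host in IP_LOOKUP_HOSTS:
        return "ip_lookup", host
    return None


def hunt(lines, sample_bot_id):
    """Return one finding per suspicious log line; the bot secret is never stored."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url, _status = m.groups()
        hit = classify(url)
        if not hit:
            continue
        kind, detail = hit
        f = {"ts": ts, "client": client, "kind": kind}
        if kind == "telegram_bot":
            bot_id, _token, api_method = detail  # token deliberately dropped
            f["bot_id"] = bot_id
            f["api_method"] = api_method
            f["matches_sample"] = bot_id == sample_bot_id
        else:
            f["host"] = detail
        findings.append(f)
    return findings


def hosts_with_stealer_pattern(findings):
    """Clients that looked up their external IP and later pushed data to any bot.

    Matching on the sequence rather than on this sample's bot ID catches
    re-deployed Agent Tesla builds that use a fresh token. Findings are
    assumed to be in time order.
    """
    looked_up, hits = set(), set()
    for f in findings:
        if f["kind"] == "ip_lookup":
            looked_up.add(f["client"])
        elif f["client"] in looked_up and f.get("api_method") in EXFIL_METHODS:
            hits.add(f["client"])
    return sorted(hits)


# Constructed proxy log for the example (not real traffic). 10.0.0.7 reproduces the
# sample's behaviour; 10.0.0.9 is ordinary Telegram web use; 10.0.0.12 talks to a
# different (made-up) bot without a preceding IP lookup.
SAMPLE_LOG = """\
2024-03-29T10:01:02Z 10.0.0.7 GET http://api.ipify.org/ 200
2024-03-29T10:01:05Z 10.0.0.7 POST https://api.telegram.org/bot6811787827:AAEr4cj8xrQKX5i6BnPzE4vzpRaL4EziTo4/sendDocument 200
2024-03-29T10:02:11Z 10.0.0.9 GET https://web.telegram.org/k/ 200
2024-03-29T10:03:40Z 10.0.0.12 POST https://api.telegram.org/bot123456789:AAexampleTokenForTestOnly/sendMessage 200
2024-03-29T10:04:01Z 10.0.0.9 GET https://example.com/ 200
""".splitlines()

SAMPLE_BOT_ID = parse_bot_url(TELEGRAM_C2)[0]

if __name__ == "__main__":
    results = hunt(SAMPLE_LOG, SAMPLE_BOT_ID)
    for r in results:
        print(r)
    print("stealer pattern on:", hosts_with_stealer_pattern(results))
```

The findings keep the numeric bot ID (enough to match the config and to hand to Telegram for takedown) but drop the secret, so the hunt output can be shared without reproducing a live credential. Blocking only the exact token from this report is weak; blocking or alerting on api.telegram.org from hosts that have no business reason to call the Bot API is the durable control.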