General
-
Target
6a1272eecec60da3d209306472693e37794688afe2ef73a88caa8f544fad78df
-
Size
689KB
-
Sample
240329-bpfahsdf9s
-
MD5
96a2ec227cf9e2f95855d82dda6de44f
-
SHA1
6c46c3006a7b36b8687378daf0ebcc2d940d28ff
-
SHA256
6a1272eecec60da3d209306472693e37794688afe2ef73a88caa8f544fad78df
-
SHA512
c5e35e60489bccc115fef3a1006f309a8f528ded84d25aeba4995da67f4c04a9a92a9ef8bf5bde920ab6fbc4ad7e44daab524f6f179a50e8d545dc161d1b353e
-
SSDEEP
12288:E/M0YOwqOp9exqXwcXZTmTwB7Dr3/3dUqk0bji9Tv6QTvlSaDpKiw7L8:dO7InXJVmwv3/362jk6Q9Vy8
Static task
static1
Behavioral task
behavioral1
Sample
6a1272eecec60da3d209306472693e37794688afe2ef73a88caa8f544fad78df.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6a1272eecec60da3d209306472693e37794688afe2ef73a88caa8f544fad78df.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6479234125:AAGR9wD3O4QFw8tDpYUc9GT0Rx3fOS9zKv0/
Targets
-
-
Target
6a1272eecec60da3d209306472693e37794688afe2ef73a88caa8f544fad78df
-
Size
689KB
-
MD5
96a2ec227cf9e2f95855d82dda6de44f
-
SHA1
6c46c3006a7b36b8687378daf0ebcc2d940d28ff
-
SHA256
6a1272eecec60da3d209306472693e37794688afe2ef73a88caa8f544fad78df
-
SHA512
c5e35e60489bccc115fef3a1006f309a8f528ded84d25aeba4995da67f4c04a9a92a9ef8bf5bde920ab6fbc4ad7e44daab524f6f179a50e8d545dc161d1b353e
-
SSDEEP
12288:E/M0YOwqOp9exqXwcXZTmTwB7Dr3/3dUqk0bji9Tv6QTvlSaDpKiw7L8:dO7InXJVmwv3/362jk6Q9Vy8
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-