General
-
Target
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f
-
Size
4.3MB
-
Sample
240329-brvszsdg7t
-
MD5
609ca9e45fae3c8ec391bc6f29d816c0
-
SHA1
7ca79f97289527a7ceac7187d76f15b58b2bcc97
-
SHA256
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f
-
SHA512
d74b0fbd7af81e052a0b9ca68776e85b95522e18618ef53ba326bdad90d82043bfc566a547526c0f771ecb50f36ac41c4ea7a581196578e37887921bad951a6f
-
SSDEEP
49152:dKFvwrMy8gTdybhb8jwyX88OaU9LsI67gFQJqXTzs+q5X9dr8/:lvy1Q8aU9LxUBj4/
Static task
static1
Behavioral task
behavioral1
Sample
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6971578934:AAF5v308yK27D7O9hOaTd8yPwpZGC0RMoTA/
Targets
-
-
Target
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f
-
Size
4.3MB
-
MD5
609ca9e45fae3c8ec391bc6f29d816c0
-
SHA1
7ca79f97289527a7ceac7187d76f15b58b2bcc97
-
SHA256
73629041ba21eac0612891fa373454497871b1dddf5bf0c6f1600a09e406674f
-
SHA512
d74b0fbd7af81e052a0b9ca68776e85b95522e18618ef53ba326bdad90d82043bfc566a547526c0f771ecb50f36ac41c4ea7a581196578e37887921bad951a6f
-
SSDEEP
49152:dKFvwrMy8gTdybhb8jwyX88OaU9LsI67gFQJqXTzs+q5X9dr8/:lvy1Q8aU9LxUBj4/
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-