General
Target: 04fbf7a3ae45e1d51dd00724cd7291c4d0422f11028916d32c6e2b269656dee2
Size: 2.5MB
Sample: 240329-cbxhbaee7w
MD5: 109a5972cdb1697c275c54d6b6aa1f61
SHA1: 4b773325d02fc7862e64f0e8ceac5a826952d6ca
SHA256: 04fbf7a3ae45e1d51dd00724cd7291c4d0422f11028916d32c6e2b269656dee2
SHA512: 4e53b5bbbdeb573b124c0729638e338513ab70e4297010c5898be5fdb6037cb5061de5a79b9bbe997e9a794d0f4229e4c1b1a75d080057fde49c482978fac18d
SSDEEP: 49152:v1x/8viD8UznAEk8Yof0kmvY/npZSlOiJH+npBCeCDU3ALHwAqlf39iya2QM2Zv0:Nx/F8Uzi8YoMkGYPpZSlO+HUBCeCDvLy
Static task: static1
Behavioral task: behavioral1
  Sample: 04fbf7a3ae45e1d51dd00724cd7291c4d0422f11028916d32c6e2b269656dee2.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 04fbf7a3ae45e1d51dd00724cd7291c4d0422f11028916d32c6e2b269656dee2.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: agenttesla
C2: https://api.telegram.org/bot6859606558:AAGx7fHrpBCN-CTqCzssxHyN25eAdEuJelI/
Targets
Target: 04fbf7a3ae45e1d51dd00724cd7291c4d0422f11028916d32c6e2b269656dee2 (size and hashes as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.