General
- Target: e4aa399e5df5c48a5d8141676c53a0b1f5c6af2822de6cec89cea4018a657b68
- Size: 578KB
- Sample: 240330-bze3haeb4t
- MD5: 4a94305aed23bd34e543e458af43a4d6
- SHA1: fbbedbc4f487b4131cf17187e1d15adf77a3f1e4
- SHA256: e4aa399e5df5c48a5d8141676c53a0b1f5c6af2822de6cec89cea4018a657b68
- SHA512: a93dda85f751e70517d1d48daa0b22209b7d849faaa46f2b42df4275d84ac572cdee329b01713350c3f165c46097f035d9f728460d3b1339bebb12dadc17a424
- SSDEEP: 12288:prN3B4f7VvmIsvmO/zhWknXH/GMRsozSbspnWBE+CJZ:puhsT/zhWk3/GQnvr
Static task: static1
Behavioral task: behavioral1
- Sample: e4aa399e5df5c48a5d8141676c53a0b1f5c6af2822de6cec89cea4018a657b68.exe
- Resource: win7-20240221-en
Malware Config
- Extracted: agenttesla
- https://api.telegram.org/bot7189076260:AAHEL9QuHqQcKXN8kPXNO5BpYSd3XtQOqFg/
Targets
- Target: e4aa399e5df5c48a5d8141676c53a0b1f5c6af2822de6cec89cea4018a657b68 (578KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext