General
-
Target
e34867d9be6eebddbfe58943268c084be85f1eb631f9523489a3def43a2ea382.exe
-
Size
234KB
-
Sample
240403-p7hp9adg73
-
MD5
66f608942a498bd29bb63dc475abbff5
-
SHA1
1a58b2195340992591f26644e69529bd6eb173c8
-
SHA256
e34867d9be6eebddbfe58943268c084be85f1eb631f9523489a3def43a2ea382
-
SHA512
0986c37e917df97a791f2013909ee6ab75f4ca3d15e222eb96a2acbc9759e88ecc298759d95ec672c45e9c25d0f5984c82a8eda01dfcc3a7c400d39daff4c2d7
-
SSDEEP
3072:rxICsyBFeuueO26/M8IYdlU9H/xE5JMwuw5VxeChexP:rxICzBFeuueO26/M8IYXU96z4seCw
Behavioral task
behavioral1
Sample
e34867d9be6eebddbfe58943268c084be85f1eb631f9523489a3def43a2ea382.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e34867d9be6eebddbfe58943268c084be85f1eb631f9523489a3def43a2ea382.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6859606558:AAGx7fHrpBCN-CTqCzssxHyN25eAdEuJelI/
Targets
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-