General

Target: aa7fdcf59835360a46dfc4347982ab38c4ee41e50d7d106a9afdfda04460d361
Size: 659KB
Sample: 240408-bgnxpacb95
MD5: e2cc0ff6c0a66da37436640a56b6cbc6
SHA1: 11bb67e3a1ba3e93fb4b5d27d32e39a9ace9d4d9
SHA256: aa7fdcf59835360a46dfc4347982ab38c4ee41e50d7d106a9afdfda04460d361
SHA512: 1a9ee93c231e4c63aca7a7a4131c94fce53b31470fc1ab7ef3db74804dd1d5ccd8266e04119704cff42b4cd9125737c7fab7452ae39b60184599cea0a49a5f35
SSDEEP: 12288:hiUH31lcG422lA5kd+ac7yAo6kbm7LLE6aTBzp+k+2TgJk14eFw8qfcvSkR:hZHllcGRSAkE7yA6bOEokLQa4eFw8oah
Static task: static1

Behavioral task: behavioral1
Sample: aa7fdcf59835360a46dfc4347982ab38c4ee41e50d7d106a9afdfda04460d361.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: aa7fdcf59835360a46dfc4347982ab38c4ee41e50d7d106a9afdfda04460d361.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted: agenttesla
C2 / exfiltration endpoint (Telegram Bot API; the bot token is embedded in the URL path): https://api.telegram.org/bot6738181111:AAFZn4xGhveBsIuWLAJ3TV7_pVwOw-ngqaY/
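The extracted value is a Telegram Bot API base URL with the bot token in the path, which is all a defender needs to key a detection on. As an added example (not part of the report and not Agent Tesla's own code), the following Python splits that URL into indicator fields and then matches Bot API egress in constructed proxy log lines against the bot id from the config. The log lines, the function names `parse_telegram_c2` and `telegram_exfil_hits`, the log line layout and the redaction format are assumptions; only the C2 URL comes from the report.

```python
from __future__ import annotations

import re
from urllib.parse import urlparse

# The C2 value extracted in this report.
EXTRACTED_C2 = "https://api.telegram.org/bot6738181111:AAFZn4xGhveBsIuWLAJ3TV7_pVwOw-ngqaY/"

# Bot API paths are /bot<bot id>:<secret>/<method>. The bot id is the bot's numeric Telegram
# user id and survives token rotation; the secret is the part the operator can revoke.
BOT_PATH_RE = re.compile(
    r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})(?:/(?P<method>[A-Za-z]+))?/?$"
)


def parse_telegram_c2(url: str) -> dict:
    """Split an extracted Telegram Bot API URL into indicator fields."""
    p = urlparse(url)
    if p.scheme != "https" or p.hostname != "api.telegram.org":
        raise ValueError("not a Telegram Bot API endpoint")
    m = BOT_PATH_RE.match(p.path)
    if m is None:
        raise ValueError("no bot token in path")
    bot_id, secret = m.group("bot_id"), m.group("secret")
    return {
        "bot_id": bot_id,
        "token": f"{bot_id}:{secret}",
        # share only the redacted form in tickets; the full token is the operator's secret
        "token_redacted": f"{bot_id}:{secret[:4]}...{secret[-4:]}",
        "method": m.group("method"),
    }


def telegram_exfil_hits(log_text: str, known_bot_ids: set) -> list[dict]:
    """Scan proxy log lines (timestamp source verb url status) for Bot API traffic.

    Every /bot<id>:<secret>/ path is reported; a hit whose bot id is in known_bot_ids is
    tagged as this sample's C2, the rest as generic Telegram-bot egress worth a look.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, src, _verb, url = parts[:4]
        p = urlparse(url)
        if p.hostname != "api.telegram.org":
            continue
        m = BOT_PATH_RE.match(p.path)
        if m is None:
            continue
        hits.append({
            "ts": ts,
            "src": src,
            "bot_id": m.group("bot_id"),
            "method": m.group("method"),
            "known_c2": m.group("bot_id") in known_bot_ids,
        })
    return hits


# Constructed proxy log lines for the demonstration; they are not from the sandbox run.
SAMPLE_PROXY_LOG = """\
2024-04-08T10:12:01Z 10.0.0.23 POST https://api.telegram.org/bot6738181111:AAFZn4xGhveBsIuWLAJ3TV7_pVwOw-ngqaY/sendDocument 200
2024-04-08T10:13:44Z 10.0.0.40 GET https://www.example.com/ 200
2024-04-08T10:15:09Z 10.0.0.51 POST https://api.telegram.org/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendMessage 200
2024-04-08T10:16:30Z 10.0.0.23 GET https://api.telegram.org/bot6738181111:AAFZn4xGhveBsIuWLAJ3TV7_pVwOw-ngqaY/getMe 200
"""

if __name__ == "__main__":
    c2 = parse_telegram_c2(EXTRACTED_C2)
    print("bot id:", c2["bot_id"], "token:", c2["token_redacted"])
    for hit in telegram_exfil_hits(SAMPLE_PROXY_LOG, {c2["bot_id"]}):
        print(hit)
```

Matching on the bot id rather than the full token keeps the rule valid if the operator rotates the secret, while the generic `/bot<digits>:` match catches other families using the same channel.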
Targets

Target: aa7fdcf59835360a46dfc4347982ab38c4ee41e50d7d106a9afdfda04460d361
Score: 10/10
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT). It harvests credentials from browsers, mail and FTP clients, logs keystrokes and takes screenshots, and exfiltrates over SMTP, FTP, HTTP or, as in this sample, the Telegram Bot API.

Checks computer location settings
Reads the country code configured in the registry (HKCU\Control Panel\International\Geo), consistent with a geofence that stops execution in particular countries.

Looks up external IP address via web service
Queries a legitimate public IP-lookup service to record the infected system's external IP. The request itself looks benign, so it is only a useful signal when correlated with the requesting process.

Suspicious use of SetThreadContext
Writing another thread's context from user mode is the step in RunPE / process hollowing where the injector points a suspended target's thread at the payload it has written into that process. Outside debuggers the call is rare, so a SetThreadContext following a suspended CreateProcess and WriteProcessMemory from the same caller is a strong injection indicator.
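The three behavioral signatures above each fire on a single API call; what makes them actionable is the surrounding sequence. As an added example (not the sandbox's own signature code), the following Python runs a triage over a constructed, simplified API-call trace and flags the geofence registry read, the external-IP lookup, and the suspended-create / WriteProcessMemory / SetThreadContext / ResumeThread chain that turns a lone SetThreadContext into a process-hollowing finding. The `ApiCall` event shape, the registry value names, the IP-lookup host list and the RegSvcs.exe hollowing target are assumptions; the report does not show which process was injected.

```python
from __future__ import annotations

from dataclasses import dataclass, field


# Constructed, simplified trace event in the shape a sandbox emits: caller pid, API, arguments.
@dataclass
class ApiCall:
    pid: int
    api: str
    args: dict = field(default_factory=dict)


# Windows keeps the configured location under HKCU\Control Panel\International\Geo:
# "Nation" holds the GeoID, "Name" the two-letter country code on newer builds.
GEO_KEY = r"Control Panel\International\Geo"
GEO_VALUES = {"Nation", "Name"}
# Public IP-lookup services commonly abused to record a victim's external address (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}
CREATE_SUSPENDED = 0x00000004
# RunPE / process hollowing order after a suspended CreateProcess.
HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def triage(trace: list[ApiCall]) -> dict:
    """Map raw API events onto the three behaviours and return the findings per category."""
    findings = {"geofence": [], "ip_lookup": [], "hollowing": []}
    # (injector pid, child pid) -> image path and the hollowing steps seen so far, in order
    chains: dict[tuple, dict] = {}
    for call in trace:
        a = call.args
        if call.api.startswith("RegQueryValueEx"):
            if GEO_KEY.lower() in a.get("key", "").lower() and a.get("value") in GEO_VALUES:
                findings["geofence"].append((call.pid, a["value"]))
        elif call.api == "HttpRequest":
            if a.get("host") in IP_LOOKUP_HOSTS:
                findings["ip_lookup"].append((call.pid, a["host"]))
        elif call.api.startswith("CreateProcess"):
            if a.get("flags", 0) & CREATE_SUSPENDED:
                chains[(call.pid, a["child_pid"])] = {"image": a.get("image"), "steps": []}
        elif call.api in HOLLOW_STEPS:
            chain = chains.get((call.pid, a.get("target_pid")))
            if chain is None:
                continue  # no suspended child behind it: not a hollowing chain on its own
            steps = chain["steps"]
            if len(steps) < len(HOLLOW_STEPS) and HOLLOW_STEPS[len(steps)] == call.api:
                steps.append(call.api)
                if len(steps) == len(HOLLOW_STEPS):
                    findings["hollowing"].append((call.pid, a["target_pid"], chain["image"]))
    return findings


# Constructed trace: one injector (pid 1000) doing all three things, plus unrelated noise.
TRACE = [
    ApiCall(1000, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    ApiCall(1000, "HttpRequest", {"host": "api.ipify.org", "path": "/"}),
    # the hollowing target is illustrative; the report does not name the injected process
    ApiCall(1000, "CreateProcessW", {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
                                     "flags": CREATE_SUSPENDED, "child_pid": 2000}),
    ApiCall(1000, "NtUnmapViewOfSection", {"target_pid": 2000}),
    ApiCall(1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x9E000}),
    ApiCall(1000, "SetThreadContext", {"target_pid": 2000}),
    ApiCall(1000, "ResumeThread", {"target_pid": 2000}),
    # a SetThreadContext with no suspended create or memory write behind it is left alone
    ApiCall(3000, "SetThreadContext", {"target_pid": 3000}),
]

if __name__ == "__main__":
    for category, items in triage(TRACE).items():
        print(category, items)
```

Requiring the steps in order and tied to the same injector/child pair is what keeps the rule from firing on every SetThreadContext; a debugger or a runtime touching thread contexts never shows the suspended-create plus remote write before it.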