General
-
Target
https://cdn.discordapp.com/attachments/1227447189110784041/1232356151153266739/Driverfn_x64.rar?ex=6629289a&is=6627d71a&hm=76541a23924903902aa14eaaa9b3d782f1fad86a7ed7b7321d8a4ab11b61f13d&
-
Sample
240423-s7qbwahf43
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1227447189110784041/1232356151153266739/Driverfn_x64.rar?ex=6629289a&is=6627d71a&hm=76541a23924903902aa14eaaa9b3d782f1fad86a7ed7b7321d8a4ab11b61f13d&
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1227447189110784041/1232356151153266739/Driverfn_x64.rar?ex=6629289a&is=6627d71a&hm=76541a23924903902aa14eaaa9b3d782f1fad86a7ed7b7321d8a4ab11b61f13d&
Score 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-