General
Target: 740afaf065dde91af29d6796021110be15706d316eb0fa1d52f033f51e5a85ea
Size: 1.0MB
Sample: 240425-dysy3sef7s
MD5: 855d8e2fe3cfad8f3c7d700d82d1f498
SHA1: 5bdd4805f069c655c4ebc0975b18c51a758f53f5
SHA256: 740afaf065dde91af29d6796021110be15706d316eb0fa1d52f033f51e5a85ea
SHA512: 0a881f904d29d3808815b707d33b1098c0a50c9a57c33d7a612e0559a66f3598c6b377d02423cba643bc7af5dc81dd4f330bd151a4f5ff7339bc57e83b495e81
SSDEEP: 24576:30QxE8tlC5igXzVZTed4RYCQsd6rKISyv9:3A8vCAgjVMd4RRFdsSyV
Static task: static1
Behavioral task: behavioral1
Sample: 740afaf065dde91af29d6796021110be15706d316eb0fa1d52f033f51e5a85ea.exe
Resource: win7-20231129-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7099320956:AAEbKuoPa3eGpVw59XdjZSpakl0EQvO5p9g/
Targets
Target: 740afaf065dde91af29d6796021110be15706d316eb0fa1d52f033f51e5a85ea
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-