General
Target: 8b8f71b8c4635423ee93322bd53f36bf3ec1d0a2cb14b5f222a9543f1a2c9d5d
Size: 792KB
Sample: 240426-bkn2vsgg77
MD5: 721827f972b2869a1e38c582a5333cfc
SHA1: 9cadbbe4f3ebf9b37bb804b8a3515d223c11c7d4
SHA256: 8b8f71b8c4635423ee93322bd53f36bf3ec1d0a2cb14b5f222a9543f1a2c9d5d
SHA512: e60a7ff0468141ce0f865322838f9cde09a0b3d8b6a4785ed0b14e7400eed0361753c97167284b02eac801f7f5a2488d3ddb9df553fa64981e1f5575291f8da6
SSDEEP: 12288:eoycif9P4ZTNE2tBEb1ciufD8XDEgZ2VhJa02Jh5e6GNkB5UI:emiBOJbt2Rja4TEo2zJa/e7NkBL
Static task: static1
Behavioral task: behavioral1
  Sample: 8b8f71b8c4635423ee93322bd53f36bf3ec1d0a2cb14b5f222a9543f1a2c9d5d.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 8b8f71b8c4635423ee93322bd53f36bf3ec1d0a2cb14b5f222a9543f1a2c9d5d.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5703952020:AAFbuTwuDVaktq13U39atCgEj31myEk4jgI/
Targets
Target: 8b8f71b8c4635423ee93322bd53f36bf3ec1d0a2cb14b5f222a9543f1a2c9d5d
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext