General
-
Target
5141b0042723b654ce6257897c61f78697e0ece7cb9e0b264bd3d6ef3e44d58e
-
Size
599KB
-
Sample
240426-cqq9vahc2z
-
MD5
19484ac779e101965086a08f75502918
-
SHA1
efc2e5910c802620776140e2d59b248205d2e170
-
SHA256
5141b0042723b654ce6257897c61f78697e0ece7cb9e0b264bd3d6ef3e44d58e
-
SHA512
0bd4c72e5dd4534d385b341f295a725d95a2c085711fede5919acc38cf4be9dd88b4419ba9c324403a61079086aa9968f1083562db8470495dfe6f481969b3fa
-
SSDEEP
12288:rK90o7oS4VAFziYGqusz/n8ASXI6FL3IswnDNjoTKYw:WG2dMAIYGBCv8VzL4TnBjoOYw
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7131275962:AAE-dJRIntufGLICZWLXrTBpxMw_24XDbCc/
Targets
-
-
Target
5141b0042723b654ce6257897c61f78697e0ece7cb9e0b264bd3d6ef3e44d58e
-
Size
599KB
-
MD5
19484ac779e101965086a08f75502918
-
SHA1
efc2e5910c802620776140e2d59b248205d2e170
-
SHA256
5141b0042723b654ce6257897c61f78697e0ece7cb9e0b264bd3d6ef3e44d58e
-
SHA512
0bd4c72e5dd4534d385b341f295a725d95a2c085711fede5919acc38cf4be9dd88b4419ba9c324403a61079086aa9968f1083562db8470495dfe6f481969b3fa
-
SSDEEP
12288:rK90o7oS4VAFziYGqusz/n8ASXI6FL3IswnDNjoTKYw:WG2dMAIYGBCv8VzL4TnBjoOYw
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
UAC bypass
-
Windows security bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Windows security modification
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-