General
- Target: cecb6db9d3e82cd3150ad7c144192e300bb86678ff4a8098d3e8723b50668541
- Size: 766KB
- Sample: 240426-ctjn6shc4y
- MD5: 1a90002a3504e10b40065d4e9a84fb74
- SHA1: 5f449ecaffc2e8097607bcb653c968b73472b37a
- SHA256: cecb6db9d3e82cd3150ad7c144192e300bb86678ff4a8098d3e8723b50668541
- SHA512: b2e81ed18947f24985771b7d3b89b5c7bae73c63d8552d2237bc6ad775d833d0e4b077c2e04b3822c98b7a299334b567ea0aa02abd9bbff4f214f6a132abc71a
- SSDEEP: 12288:CWYIPXjxannnHg2t6/zCSQ38syT2u0foDRfDiEvM4eTuxgOcCjzt6+Myv4sHck1L:CWYIPFannnHg2f383T2u80fzM6gOcSzo
Static task: static1
Behavioral task: behavioral1
- Sample: cecb6db9d3e82cd3150ad7c144192e300bb86678ff4a8098d3e8723b50668541.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: cecb6db9d3e82cd3150ad7c144192e300bb86678ff4a8098d3e8723b50668541.exe
- Resource: win10v2004-20240412-en
Malware Config
- Extracted: agenttesla
- https://api.telegram.org/bot7018885263:AAHT8gfvHTY09mtqDC-rbN8-23c7akL5PN8/
Targets
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext