General
-
Target
a.exe
-
Size
987KB
-
Sample
240426-qrr5escf48
-
MD5
3c92ed7a17d27258db7ab8cc07f21fbe
-
SHA1
ec36cec53b6cb86d25eb253f949baedb012cdca3
-
SHA256
63dec2acef5d5f9e4c9d9626bd51b29db2e8d8111bcac60d531d80799c72267e
-
SHA512
a0c3d84eb5fce8da498e23c97355625a35c3d009569616ef5d0a9452e01e0e03814dbdd48fed4354faeb5823fac5262d14f24119d0bad4b541bdf424f04c3d09
-
SSDEEP
24576:/0suND4kgKBoCLtIkSuZFjIzKBzO2Omj2xIY/C2kFw:nFKBoCBHSkjsUOmj2aOC2b
Static task
static1
Behavioral task
behavioral1
Sample
a.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
a.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6678522004:AAFCzMcx9PFLt4zQrKaDiOluS83dl0_buKM/
Targets
-
-
Target
a.exe
-
Size
987KB
-
MD5
3c92ed7a17d27258db7ab8cc07f21fbe
-
SHA1
ec36cec53b6cb86d25eb253f949baedb012cdca3
-
SHA256
63dec2acef5d5f9e4c9d9626bd51b29db2e8d8111bcac60d531d80799c72267e
-
SHA512
a0c3d84eb5fce8da498e23c97355625a35c3d009569616ef5d0a9452e01e0e03814dbdd48fed4354faeb5823fac5262d14f24119d0bad4b541bdf424f04c3d09
-
SSDEEP
24576:/0suND4kgKBoCLtIkSuZFjIzKBzO2Omj2xIY/C2kFw:nFKBoCBHSkjsUOmj2aOC2b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-