General
- Target: 284092cb29336588fac75588e50be87973099b1cefd029d644036a56bfcb8b82
- Size: 711KB
- Sample: 240430-b48klsgf84
- MD5: ee1c67d17ada4b2d08bf72922a1ae7b4
- SHA1: fe6f374989c59815b1e40da0cd6be99d76a0c54e
- SHA256: 284092cb29336588fac75588e50be87973099b1cefd029d644036a56bfcb8b82
- SHA512: b67820b4bd32b4993771b52964e4b7deef349dcf144470c1880eb558b6c83822ee4a302605a674adeb467e7272fd1b8436ab611a7459f14b4344671a7c9fceb3
- SSDEEP: 12288:G+DbglB778QeMYl1hkekKm6+4FY2V1fFqatDvsTuwQAL4yAAy+vm2NYh7HkR:fglBDYLe9QV1fgahvUhKyDvm2NN
Static task: static1
Behavioral task: behavioral1
- Sample: 284092cb29336588fac75588e50be87973099b1cefd029d644036a56bfcb8b82.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 284092cb29336588fac75588e50be87973099b1cefd029d644036a56bfcb8b82.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted
- Family: agenttesla
- Exfiltration endpoint (Telegram Bot API base URL; the bot token is embedded in the path): https://api.telegram.org/bot7109324415:AAEtV_HPY0H5mFN38xCDvDx9wl-kKb9q3qg/
  The token is the attacker's live bot credential, so it is a high-confidence network IOC: hunt for it verbatim in proxy and DNS logs, not just for the api.telegram.org domain, which legitimate bots also use.
Targets
- Target: 284092cb29336588fac75588e50be87973099b1cefd029d644036a56bfcb8b82
- Size: 711KB
- MD5: ee1c67d17ada4b2d08bf72922a1ae7b4
- SHA1: fe6f374989c59815b1e40da0cd6be99d76a0c54e
- SHA256: 284092cb29336588fac75588e50be87973099b1cefd029d644036a56bfcb8b82
- SHA512: b67820b4bd32b4993771b52964e4b7deef349dcf144470c1880eb558b6c83822ee4a302605a674adeb467e7272fd1b8436ab611a7459f14b4344671a7c9fceb3
- SSDEEP: 12288:G+DbglB778QeMYl1hkekKm6+4FY2V1fFqatDvsTuwQAL4yAAy+vm2NYh7HkR:fglBDYLe9QV1fgahvUhKyDvm2NN
- AgentTesla
  Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP, HTTP or, as in this sample's configuration, the Telegram Bot API.
- Adds Run key to start application
  Persistence: a value under a Run registry key relaunches the payload at each user logon.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP. The request is a useful network pivot because it typically precedes the first exfiltration.
- Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread in another process is characteristic of process hollowing / RunPE-style injection, where a suspended process's thread is pointed at injected code before it is resumed.
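As an added example (not part of the sandbox report), the following Python turns two of the report's findings, the extracted Telegram Bot API URL and the external-IP-lookup signature, into a hunt over egress proxy logs: it parses the bot id and token out of any api.telegram.org request so the token itself, not just the domain, is matched, flags requests to a watchlist of IP lookup services, and correlates hosts that did both in sequence. The bot URL is the one extracted above; the log lines, the log format (timestamp, source IP, HTTP method, URL, status), the IP-lookup watchlist and the second, made-up bot token are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Telegram Bot API base URL extracted from the sample's configuration (taken from the report).
EXTRACTED_C2 = "https://api.telegram.org/bot7109324415:AAEtV_HPY0H5mFN38xCDvDx9wl-kKb9q3qg/"

# Bot API URL shape: /bot<numeric bot id>:<35-char secret>/<method>. The token is a live
# credential for the attacker's bot, so it doubles as a high-confidence network IOC.
TOKEN_RE = re.compile(r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})(?:/(?P<method>[A-Za-z]+))?")

# Assumed watchlist of external-IP lookup services commonly seen in stealer traffic
# (the report does not name the one this sample used); extend it for your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}


def parse_bot_token(url):
    """Return (bot_id, secret, api_method) from a Telegram Bot API URL, or None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != "api.telegram.org":
        return None
    m = TOKEN_RE.search(parts.path)
    if not m:
        return None
    return m.group("bot_id"), m.group("secret"), m.group("method")


def classify(url):
    """Label a requested URL as 'telegram_bot_api', 'ip_lookup', or None (benign/unknown)."""
    if parse_bot_token(url):
        return "telegram_bot_api"
    if (urlsplit(url).hostname or "").lower() in IP_LOOKUP_HOSTS:
        return "ip_lookup"
    return None


def hunt(log_text, known_c2=EXTRACTED_C2):
    """Scan whitespace-separated proxy log lines ('ts src_ip http_method url status', an
    assumed format) and return one finding dict per line that matches either signature."""
    known = parse_bot_token(known_c2)
    known_pair = known[:2] if known else None
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or empty line
        ts, src, _http_method, url = fields[:4]
        kind = classify(url)
        if kind is None:
            continue
        finding = {"ts": ts, "src": src, "kind": kind, "host": urlsplit(url).hostname}
        if kind == "telegram_bot_api":
            bot_id, secret, api_method = parse_bot_token(url)
            # Compare the full token, so a different bot on the same domain is not mistaken
            # for this sample's channel.
            finding.update(bot_id=bot_id, api_method=api_method,
                           matches_extracted=(bot_id, secret) == known_pair)
        findings.append(finding)
    return findings


def correlate(findings):
    """Sources that both performed an external-IP lookup and hit the Telegram Bot API:
    the behaviour chain the sandbox observed, rather than a single noisy indicator."""
    by_src = {}
    for f in findings:
        by_src.setdefault(f["src"], set()).add(f["kind"])
    return sorted(src for src, kinds in by_src.items()
                  if {"ip_lookup", "telegram_bot_api"} <= kinds)


# Constructed proxy log: one host replaying the sample's behaviour, one benign host, and one
# host talking to a different, made-up bot to show that the token (not just the domain) is checked.
SAMPLE_LOG = f"""\
2024-04-30T10:01:02Z 10.0.0.5 GET https://api.ipify.org/ 200
2024-04-30T10:01:03Z 10.0.0.5 POST {EXTRACTED_C2}sendDocument 200
2024-04-30T10:02:17Z 10.0.0.9 GET https://www.microsoft.com/ 200
2024-04-30T10:03:44Z 10.0.0.12 POST https://api.telegram.org/bot1234567890:{'B' * 35}/sendMessage 200
"""

if __name__ == "__main__":
    results = hunt(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print("hosts showing the full lookup-then-exfiltrate chain:", correlate(results))
```

Only the host that performed an IP lookup and then posted to the extracted bot is reported by `correlate`; the host talking to a different bot is still surfaced by `hunt`, but with `matches_extracted` false, so an analyst can triage it separately rather than treating every api.telegram.org request as this infection.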