General
Target: 28a11a70ff2b31bebb28fa2193a39ade7ce17f4478beb57f60405ea7452e988f
Size: 297KB
Sample: 240430-brbecagf4v
MD5: 6f56f9adf7bc5d555743d7f9af963e1a
SHA1: fcff87c7393b15e4db5db7fe9c92ea22d878aebf
SHA256: 28a11a70ff2b31bebb28fa2193a39ade7ce17f4478beb57f60405ea7452e988f
SHA512: 8d5381f64c1f084131c90344c41a8abe6b9d5f6680b2edfe8c0611386566c59b42ab8337c7d729ba3637bb2262af2a9521fee9ea166a3d02aa32405db3dd6113
SSDEEP: 6144:S1b5FHcTMW5dXdwYLJd+ePCCvlrnCgUhfVseeDoh1yYvczYz:S1tZBWB1aeR1CfieeDohQA
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 28a11a70ff2b31bebb28fa2193a39ade7ce17f4478beb57f60405ea7452e988f.vbs
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 28a11a70ff2b31bebb28fa2193a39ade7ce17f4478beb57f60405ea7452e988f.vbs
  Resource: win10v2004-20240419-en
The sample was detonated as a VBScript (.vbs) file, once on a Windows 7 image and once on a Windows 10 (2004) image; the .vbs is the loader stage, and the Agent Tesla configuration below was extracted from the payload it ran.
Malware Config
Extracted: agenttesla
C2: https://api.telegram.org/bot6848173762:AAGkzL4gp0AnmZ6UfiPCUuUFvn7Vkjdjn1M/
This is the Telegram Bot API endpoint the payload is configured to exfiltrate to (Agent Tesla supports Telegram alongside SMTP, FTP and HTTP exfiltration). The URL path carries the full bot token, bot id 6848173762 followed by the 35-character secret, which is the actor's live credential for that bot: treat it as a network IOC (the token appears in every request URL, so proxy or TLS-inspection logs will show it) and as sensitive data, and do not replay requests against it from a production network.
Targets
Target: 28a11a70ff2b31bebb28fa2193a39ade7ce17f4478beb57f60405ea7452e988f
Score: 10/10

Signatures
AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. In this sample it is delivered by a VBScript (.vbs) loader.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence: the payload decides whether to run based on the victim's configured locale.
Drops startup file
  Writes a file into a Startup location so the payload is relaunched at the next logon (persistence).
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, which Agent Tesla includes in the victim information it reports.
Suspicious use of SetThreadContext
  Calling SetThreadContext on another process's thread is typically the final step of process hollowing or injection: the loader points the thread's instruction pointer at the injected payload's entry point so the Agent Tesla code runs under a benign-looking process name. Expect the exfiltration traffic above to originate from that host process rather than from wscript.exe.
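The extracted Telegram C2 and the "Looks up external IP address via web service" signature translate directly into network detection. The following Python is an added example, not part of the sandbox report and not Agent Tesla's own code: it parses the extracted Bot API URL into bot id and secret, then scans proxy-log lines for the exact token, for any other Telegram Bot API call (the token format, numeric id plus a 35-character secret, is general, so this catches other bots too), and for requests to IP-lookup services, and reports sources that show both behaviours. The proxy-log lines, the IP_LOOKUP_HOSTS set (the report only says "a legitimate IP lookup service") and every function name are constructed for this example.

```python
"""Detection helpers built from the Agent Tesla config in the report above.

Added example, not sandbox or malware code. Assumed or constructed items are
marked in comments; only EXTRACTED_C2 and SAMPLE_SHA256 come from the report.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Taken from the report's "Malware Config" and hash sections.
EXTRACTED_C2 = "https://api.telegram.org/bot6848173762:AAGkzL4gp0AnmZ6UfiPCUuUFvn7Vkjdjn1M/"
SAMPLE_SHA256 = "28a11a70ff2b31bebb28fa2193a39ade7ce17f4478beb57f60405ea7452e988f"

# Telegram bot tokens are "<numeric bot id>:<35-char secret>" and the Bot API puts the
# whole token in the URL path, so every exfil request leaks it to proxy/TLS logs.
TELEGRAM_BOT_URL_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})"
    r"(?:/(?P<method>[A-Za-z]+))?(?:[/?].*)?$"
)

# Assumed list of common external-IP services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}


@dataclass(frozen=True)
class TelegramBotIoc:
    bot_id: str
    secret: str

    @property
    def token(self) -> str:
        return f"{self.bot_id}:{self.secret}"

    @property
    def redacted(self) -> str:
        # Safe form for tickets and reports: the full token is a live credential.
        return f"{self.bot_id}:{self.secret[:4]}...{self.secret[-4:]}"


def parse_config_url(url: str) -> TelegramBotIoc:
    """Split an extracted Telegram C2 URL into bot id and secret."""
    m = TELEGRAM_BOT_URL_RE.match(url)
    if not m:
        raise ValueError(f"not a Telegram Bot API URL: {url}")
    return TelegramBotIoc(m["bot_id"], m["secret"])


@dataclass(frozen=True)
class Finding:
    line_no: int
    src: str
    kind: str    # external_ip_lookup | telegram_known_c2 | telegram_bot_api
    detail: str


def scan_proxy_log(lines, known: TelegramBotIoc):
    """Flag IP-lookup requests and Telegram Bot API calls in 'ts src method url status' lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        _ts, src, _method, url, _status = line.split()
        host = urlsplit(url).hostname or ""
        if host in IP_LOOKUP_HOSTS:
            findings.append(Finding(n, src, "external_ip_lookup", host))
            continue
        m = TELEGRAM_BOT_URL_RE.match(url)
        if m:
            seen = TelegramBotIoc(m["bot_id"], m["secret"])
            kind = "telegram_known_c2" if seen == known else "telegram_bot_api"
            findings.append(Finding(n, src, kind, f"{seen.redacted} {m['method'] or '-'}"))
    return findings


def hosts_matching_agenttesla_chain(findings):
    """Sources that both looked up their external IP and talked to the Bot API,
    i.e. showed the two network behaviours the report's signatures list."""
    by_src = {}
    for f in findings:
        by_src.setdefault(f.src, set()).add(f.kind)
    return {src for src, kinds in by_src.items()
            if "external_ip_lookup" in kinds
            and kinds & {"telegram_known_c2", "telegram_bot_api"}}


# Constructed proxy log lines for the demo (ts src method url status); not from the sandbox run.
SAMPLE_LOG = [
    "2024-04-30T10:01:02Z 10.0.0.5 GET https://api.ipify.org/ 200",
    "2024-04-30T10:01:03Z 10.0.0.5 POST https://api.telegram.org/bot6848173762:AAGkzL4gp0AnmZ6UfiPCUuUFvn7Vkjdjn1M/sendDocument 200",
    "2024-04-30T10:05:00Z 10.0.0.9 POST https://api.telegram.org/bot123456789:AAHabcdefghijklmnopqrstuvwxyz012345/sendMessage 200",
    "2024-04-30T10:06:00Z 10.0.0.7 GET https://www.example.com/ 200",
]

if __name__ == "__main__":
    ioc = parse_config_url(EXTRACTED_C2)
    print("bot token (redacted):", ioc.redacted)
    found = scan_proxy_log(SAMPLE_LOG, ioc)
    for f in found:
        print(f)
    print("hosts showing the full chain:", hosts_matching_agenttesla_chain(found))
```

The three finding kinds are deliberately separate: an exact-token hit is a confirmed match to this sample, a generic Bot API hit deserves triage because Telegram exfiltration is shared by many commodity stealers, and an IP-lookup alone is too noisy to alert on but is useful as the first half of the chain when correlated per source host.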