General
Target: 993a12eb263fac02f7279502d0968e6666a5e56af2b28e0ceb6e745eca91acba
Size: 647KB
Sample: 240430-btjthagg2z
MD5: 06c13d957c88127cda863e40698082a6
SHA1: c935c180e5f6fdfd613ad4b1093b45a566cf740d
SHA256: 993a12eb263fac02f7279502d0968e6666a5e56af2b28e0ceb6e745eca91acba
SHA512: ec536480f366b622c2d65d82d116b397ab19b22cf4e8200c38fffadc55a6e3b8aa1891d5d8506051ac0ee86c4f049607cc8c5461dfb3f13a8917fed8e3fd1216
SSDEEP: 12288:DF/d8oCZ787m2yUqVkQv77j6UB1/WJbOMTQO8A/wKfzCRR+9imiAZWO4iN6ZsNBl:Dsum24l+J1TQ0wUKIXNrBhNY5K
Static task: static1
Behavioral task: behavioral1
Sample: TNT Original Invoice.scr
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: TNT Original Invoice.scr
Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5239412158:AAHXn8rC3uvBHy_kv77GtIcxcuvBuXcKD_8/
Targets
Target: TNT Original Invoice.scr
Size: 697KB
MD5: 4aa63ea35a6a68252888080722f2b403
SHA1: 63ecde53df066919f84d35926dbea4efc1610b00
SHA256: 8f26ff4683a2d8c5dda6b8aff8c4d6b95ffe97c2432b413e0f8f0a0c16c96d32
SHA512: a36aa7db91c5a98964b9285e85d07b255b4449dfd361ef09d8c4a8239c80adf895756c048f9ddc5ef9e35481a490005ace3aa36d1f93a0d59e80edae50ee8aa3
SSDEEP: 12288:2+DbgRB778QekIKVkQv77DBpPMJ3aofMw98A/wR0Q+bnEimiQZWOWiP6ZtZbUqu9:vgRB1HbGHfMv0wR0vEJN6vpR+
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext