General
- Target: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec.exe
- Size: 893KB
- Sample: 240518-h1njlahb49
- MD5: 2ef7648cacafe36bc43a723a8fa42bb1
- SHA1: 3ba9a89d38d319e185ef2f9769b550b44e54dc5c
- SHA256: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec
- SHA512: b340769e2e3d4cb70812dabb720952163255a889c8035c8dc7a4f6a57ea729fc73635810d69b4396fbd1dac0ee9432c894260925f94f2a130933877cade530de
- SSDEEP: 12288:gVfefPcKNSl40+XjBGQiQJoCWcyTWEucD/U2FEbMZeNDDSTkWbxP+eJjiOEPGuvh:afCE+oQiE9oFtMxl6xrliG4jD4lgP
Static task: static1
Behavioral task: behavioral1
- Sample: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec.exe
- Resource: win7-20240220-en
Malware Config
Extracted: agenttesla
- https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/
Targets
- Target: 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext