General
- Target: c1efa9f13472a437f9148a9fbe3041cba18e58189a98a1fa9bd19ca5d7df4881
- Size: 707KB
- Sample: 240518-j8981abe31
- MD5: 21ec5e669a02585d685c92eacebd4b9f
- SHA1: c888f1c219e1d0ab8900e876cbc8003626511d4c
- SHA256: c1efa9f13472a437f9148a9fbe3041cba18e58189a98a1fa9bd19ca5d7df4881
- SHA512: 6a1e3e2efb34d655e8e73ab543fb16b2cf861bae9f95c782e76c152d4f144cdc0991c28a40e68459de4e0e7e984fe1ee2bdca6239973c3c1a75b237f7302abf3
- SSDEEP: 12288:wjlTraSj3K+1pcVDH2j0JaWmAWgxCN46I3M0jwKUyIbKkKzjnEZxTVK6E19Mg3:glBThcxWjsm5Iy7l8wK6dKz6boKg3
Static task
- static1

Behavioral task
- behavioral1
- Sample: 23c415fced41205b0d6036306a611430af76aaf221ac0bddf2871ce787acdfda.exe
- Resource: win7-20240221-en

Behavioral task
- behavioral2
- Sample: 23c415fced41205b0d6036306a611430af76aaf221ac0bddf2871ce787acdfda.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7060813422:AAFqFKdMJlLvutqPAnHO4f8vnk2X1rQvsl0/
Targets
- Target: 23c415fced41205b0d6036306a611430af76aaf221ac0bddf2871ce787acdfda.exe
- Size: 996KB
- MD5: e0aa136a77f5834148b0a65add5e124e
- SHA1: a56bf43b73d16b679d6cf6c01c2429bec93271bf
- SHA256: 23c415fced41205b0d6036306a611430af76aaf221ac0bddf2871ce787acdfda
- SHA512: 4946531f370a7891545b6dcd0c8561d8b297854a35437825fb36c538dde76e2e24de146b97abc6a058ae5bea7d9bcba46d9646f4d45eddc791feab4ef41bfea6
- SSDEEP: 24576:yP19JSNIlIy4lWOeJChP8hRiIRiBedx3:yPtaIlIhjUo8bkU
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext