General
- Target: f023d69f82e2767f504e845149c16b4748c5861170eba2ebfe434d274d6654d2
- Size: 371KB
- Sample: 240518-j9jgnsbe6t
- MD5: 762924f898213fc0795c01d1842d82cc
- SHA1: fe6870aad3744903434a45cef6be359989192851
- SHA256: f023d69f82e2767f504e845149c16b4748c5861170eba2ebfe434d274d6654d2
- SHA512: 280408bcb175530b85d305471deb62dcf2a9bcf4f21ea0d60b1acd454680d3c8580fe9359f90411a830c33fc8915221b2ea378efe4260313822fdd48a273f390
- SSDEEP: 6144:USntsmoKwSoh8CN4qXo/UjENcuXq8h4dEmZWpkb9U8GArSNfHLwsAgbyWIUF78:mmhwSohTWqXjIX/egpkb9U8G1ZLUgbyL
Static task: static1
Behavioral task: behavioral1
- Sample: Order Inquiry for new Purchase_pdf.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: Order Inquiry for new Purchase_pdf.exe
- Resource: win10v2004-20240508-en
Malware Config
- Extracted: agenttesla
  https://api.telegram.org/bot6921829812:AAEnJSJNfX1IyXT3BfHBFaRrW9XkEjVZMFs/
Targets
- Target: Order Inquiry for new Purchase_pdf.exe
- Size: 947KB
- MD5: 12a0d4a27fb7f7d5f1b345c9e6b171e2
- SHA1: 6c6c01b4d9023e2f77ea6758b935c656637e5ea2
- SHA256: fc44d6c0bc3f20d6e311cbc63e3442fb7f31b2edf039e49ce424549eddfa522d
- SHA512: 1916f25fd5dca34c3c92c97a0a5ccd9663d1bdce3d00ee23fd5c1dcdc91784fcdba8fb4857c0478f95920f0c9bbe9e422effa2163e724af4343f6c7ae6dd4418
- SSDEEP: 24576:OeqkD+B877zBtMA0yZqv+D09Pxjlahm8QIPntPG1kYWAXPJ:OeX+xjz8HzYW
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext