General

Target: 8f18cbbab7e70501ff317d7f89c4e8234c8355e1ff277aafda1b93556e341856
Size: 820KB
Sample: 240519-bmxrsaaf2x
MD5: 66ab154cb5a1445e8c44543bd672c4e1
SHA1: 4dd7ce4a5f3332b402b45e2dd5b9ed745fdadba6
SHA256: 8f18cbbab7e70501ff317d7f89c4e8234c8355e1ff277aafda1b93556e341856
SHA512: 2490a09022b89e59e8356f645874f0d9f06a060895eb02e9776067695ae0124543fe235f3eaa2ed25b2c686cbd9f873c69db61d5908a3e7460e54be026e462b0
SSDEEP: 24576:V5leJSNI9Gfw8sRyF6iClzXCHy8VHzI7R0nDdWfLfq:rlAaIwfwJTlzXCH9xI7R6ALC

Static task: static1
Behavioral task: behavioral1
Sample: 8f18cbbab7e70501ff317d7f89c4e8234c8355e1ff277aafda1b93556e341856.exe
Resource: win7-20240215-en
Malware Config

Extracted family: agenttesla
C2 / exfiltration URL (Telegram Bot API; the bot token is embedded in the path): https://api.telegram.org/bot6833369348:AAHv0Ph_km_t-hYM5WR9L_rTG08B_UxNTUA/
Targets

Target: 8f18cbbab7e70501ff317d7f89c4e8234c8355e1ff277aafda1b93556e341856 (820KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures

AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). This build is configured to report over the Telegram Bot API (see the URL under Malware Config).

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (typically Add-MpPreference or Set-MpPreference with -ExclusionExtension, -ExclusionPath and -ExclusionProcess), so that dropped components and the injected host process are not scanned.

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence so the sample can refuse to run in selected countries.

Looks up external IP address via web service
Uses a legitimate public IP-lookup service to learn the infected system's external IP address; the request to such a service shortly after execution is itself a useful network indicator.

Suspicious use of SetThreadContext
SetThreadContext is called on a thread of another process. Together with a child process created in a suspended state, this is the classic process-hollowing pattern: the thread's entry point is redirected into code written into the child, so the payload runs under a legitimate process name.
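The behaviours the sandbox flags above (Defender exclusions added from PowerShell, the registry country-code lookup, the external IP lookup, and the Telegram Bot API URL in the extracted config) are cheap to match in endpoint telemetry. The following Python is an added example, not part of this report or of the sandbox's own signature code. The event records are constructed in a Sysmon-like shape; the IP-echo host list and the Geo\Nation registry value are assumptions, since the report does not say which service or key this sample used. The Telegram URL is the one the report extracted.

```python
"""Detection helpers for the behaviours this report attributes to the sample.

Added example; not part of the sandbox report or of any sandbox signature code.
Telemetry records below are constructed, in the shape of Sysmon-style events.
"""
import re
from typing import Dict, List, Optional, Tuple

# Exfiltration endpoint exactly as extracted in the report's Malware Config.
C2_URL = "https://api.telegram.org/bot6833369348:AAHv0Ph_km_t-hYM5WR9L_rTG08B_UxNTUA/"

# Telegram Bot API URLs carry the credential in the path: /bot<bot id>:<token>/
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)(?:/|$)",
    re.IGNORECASE,
)

# Defender exclusion cmdlets and the three exclusion parameters the report names.
MP_CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_PARAM_RE = re.compile(r"-Exclusion(Path|Extension|Process)\b", re.IGNORECASE)

# Assumption: a partial list of public IP-echo services; the report does not
# say which service this sample contacted.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io", "checkip.amazonaws.com",
}

# Assumption: the registry value behind GetUserGeoID, the usual source of the
# configured country code; the report only says "country code in the registry".
GEO_KEY_RE = re.compile(r"control panel\\international\\geo\\nation$", re.IGNORECASE)


def telegram_bot_iocs(url: str) -> Optional[Dict[str, str]]:
    """Split a Telegram Bot API URL into bot id and token.

    The numeric bot id is a stable indicator for the actor's bot; the token is a
    live credential and should be handled as a secret, not pasted into reports.
    """
    m = TELEGRAM_BOT_RE.search(url)
    if not m:
        return None
    return {"bot_id": m.group("bot_id"), "token": m.group("token")}


def defender_exclusions(cmdline: str) -> List[str]:
    """Return the exclusion kinds ('Extension', 'Path', 'Process') a PowerShell
    command line adds with Add-/Set-MpPreference; empty if it adds none."""
    if not MP_CMDLET_RE.search(cmdline):
        return []
    return sorted({m.group(1).title() for m in EXCLUSION_PARAM_RE.finditer(cmdline)})


def analyze(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Run the four behaviour rules over event records ({'type', 'data'}) and
    return (rule, detail) hits in event order."""
    hits: List[Tuple[str, str]] = []
    for ev in events:
        kind, data = ev["type"], ev["data"]
        if kind == "process_create":
            exclusions = defender_exclusions(data)
            if exclusions:
                hits.append(("defender_exclusion", ",".join(exclusions)))
        elif kind == "registry_read" and GEO_KEY_RE.search(data):
            hits.append(("geofence_check", data))
        elif kind == "dns_query" and data.lower() in IP_LOOKUP_HOSTS:
            hits.append(("external_ip_lookup", data))
        elif kind == "http_request":
            ioc = telegram_bot_iocs(data)
            if ioc:
                hits.append(("telegram_exfil", ioc["bot_id"]))
    return hits


# Constructed telemetry in the order the behaviours would typically appear.
SAMPLE_EVENTS = [
    {"type": "process_create",
     "data": 'powershell.exe -NoProfile -Command Add-MpPreference '
             '-ExclusionPath "C:\\Users\\victim\\AppData\\Roaming" '
             '-ExclusionProcess "updater.exe"'},
    {"type": "process_create",
     "data": 'powershell.exe Set-MpPreference -ExclusionExtension ".exe"'},
    {"type": "registry_read", "data": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "dns_query", "data": "api.ipify.org"},
    {"type": "dns_query", "data": "www.microsoft.com"},               # benign, must not fire
    {"type": "process_create", "data": "powershell.exe Get-Process"},  # benign, must not fire
    {"type": "http_request", "data": C2_URL + "sendDocument"},
]

if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_EVENTS):
        print(f"{rule:20s} {detail}")
```

Two of the rules deserve a caveat when moved into production. Matching Add-MpPreference on the command line misses exclusions added through an encoded command or a script file, so pair it with the Defender operational log (event 5007, "configuration changed") rather than relying on process creation alone. The Telegram rule keys on the bot id, which survives token rotation; the token itself is only useful for confirming which bot received the data and should be stored as a secret.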