General
Target: 06e9205791eba37e10fcc9edf27f2a515f5ab835d32626d30aa54dea6043199a
Size: 263KB
Sample: 240521-bt7wbsdg34
MD5: aaff34d6b86e6067bbaa57e497ff56f9
SHA1: 754c5b8f0a68d39bec76a575c814466cab445144
SHA256: 06e9205791eba37e10fcc9edf27f2a515f5ab835d32626d30aa54dea6043199a
SHA512: 9a7139b70847f59a39548263defd4473a294902825c4d470ac122a406b69b81c11b3cad58b505bd1dbecdc05acee63b3a155dddb34c3d5d3859af4aa2a61b3ce
SSDEEP: 6144:OptJNtOjJ88W0vIjD6/pVXQmvPNyCs65QheHt/7tnyoQkC3:4pLn0vI3uf1yCs6KYHt/1yhZ
Static task: static1
Behavioral task: behavioral1
  Sample: Pre Alert - Ship Docs/Pre Alert - Ship Docs.xlsx.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Pre Alert - Ship Docs/Pre Alert - Ship Docs.xlsx.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
  https://api.telegram.org/bot6760916656:AAFTROumNysgqsjoqAvyBqjbR9y3VV4we2Y/
Targets
Target: Pre Alert - Ship Docs/Pre Alert - Ship Docs.xlsx.exe
Size: 371KB
MD5: 2d3cfe702b5ed5064a086a7c63c9c853
SHA1: b74a924d93f66f0cf71023406a6959afe7a7c385
SHA256: e0ece16177937a72af5678f92fa79d6a9fd01213b33663b46c6106aa3189eb96
SHA512: cc45573b6c805763765b884d3ffa309bc4fd8f83508275a3323372d668afde693894aaa23840da52509054ca726a2ee1ec43fedab36fed9cb57437eaddf274e0
SSDEEP: 6144:7IxY3q6emyxIeCc6LK+hRz9Fl7nNjknWlajhgVZfwJPH1Q+9fRQK1oErL:sxY66cMc6LL9v7uWrZfayYfRr1oK

AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext