General
Target: 11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80
Size: 1.4MB
Sample: 240521-bval8adg38
MD5: 572df159d11e54a0e98ac0f622de3f61
SHA1: ab999fff67ebef6ce8a28607c9e273241354980d
SHA256: 11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80
SHA512: 2379f7c2aa1b54c77776242d17d7bb94f2d9a371eec3c6f7900bc696b0d607667c3bad12432a3e25259668bbb7abcc67bff70058629dc131686274916076dcd1
SSDEEP: 24576:M5XHaceSJ8PaarB9qthRXxQj3I/SytHZJIB2WnImD7Pj8FQOE/ikAaJB2Xg/S:YAzaAohRXxQj4KyFZa2WnN7Pj6yikAAE
Static task
static1

Behavioral task
behavioral1
Sample: 11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80.exe
Resource: win7-20231129-en

Behavioral task
behavioral2
Sample: 11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6504306102:AAE5nOKaRhW2-ZDPf7N53z1hTC08pRoLsyw/
Targets
Target: 11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80
Size: 1.4MB
MD5: 572df159d11e54a0e98ac0f622de3f61
SHA1: ab999fff67ebef6ce8a28607c9e273241354980d
SHA256: 11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80
SHA512: 2379f7c2aa1b54c77776242d17d7bb94f2d9a371eec3c6f7900bc696b0d607667c3bad12432a3e25259668bbb7abcc67bff70058629dc131686274916076dcd1
SSDEEP: 24576:M5XHaceSJ8PaarB9qthRXxQj3I/SytHZJIB2WnImD7Pj8FQOE/ikAaJB2Xg/S:YAzaAohRXxQj4KyFZa2WnN7Pj6yikAAE
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext