General
Target: b4c52779d09ea4edabef9ef75c2756cdd9a1fc0c10564ea7cd153ca223d0a9d8
Size: 607KB
Sample: 240522-bnazeafg22
MD5: 7831435dbf79df5631126a63a722cf35
SHA1: 2380acbc54642882a4a3ebaa0a892eda4ea50b96
SHA256: b4c52779d09ea4edabef9ef75c2756cdd9a1fc0c10564ea7cd153ca223d0a9d8
SHA512: 355396d92d844bc72998588bb97b61379b7799ca3b8cb1a8101ed09fc83c2999b7c6f7a820272efe860f2cf22aaf27f62320e543b7afece79df9e8e3e4c7d070
SSDEEP: 12288:U0p92TpQ1USCgfrSAOsWmjWh/DEzliFDwKM7Z0l8i7ZPcflAAky+:/P8plSf2AOuGDbFDzM0q4Zkfqfy+
Static task: static1
Behavioral task: behavioral1
Sample: b4c52779d09ea4edabef9ef75c2756cdd9a1fc0c10564ea7cd153ca223d0a9d8.exe
Resource: win7-20240419-en
Malware Config
Extracted: agenttesla
URL: https://api.telegram.org/bot6521856051:AAE_VqJACYh8GJnmBCYkrp8n7Ax0fW5fJ5s/
Targets
Target: b4c52779d09ea4edabef9ef75c2756cdd9a1fc0c10564ea7cd153ca223d0a9d8
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Suspicious use of SetThreadContext