General
-
Target
12be7ba92542445870381836db2d1cee669714615868970ff3759bc6864492ab
-
Size
164KB
-
Sample
240522-bs7tyaga9z
-
MD5
ba15880d57cb0f17d5df416fc2ca136a
-
SHA1
b38e7bcfad4ac45d92509af750f8eecc78aa093f
-
SHA256
12be7ba92542445870381836db2d1cee669714615868970ff3759bc6864492ab
-
SHA512
31c6c21d1412148229d7a5fde9fd36d610e9edee0026c98e3996017be9f82827f9f3047e5452f539a7ef7a0da9bab8b7e0e109fb2d61e713318595bcc5f6b5bb
-
SSDEEP
3072:KFBpwPnT3nKacv1iAozrGFq5sUrW9uv8+2VLFtgjLtr+Fdo6tgldE3po:KFBeTXKBNHo3GFQRNiVBtgftrIo6qi3p
Behavioral task
behavioral1
Sample
12be7ba92542445870381836db2d1cee669714615868970ff3759bc6864492ab.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
12be7ba92542445870381836db2d1cee669714615868970ff3759bc6864492ab.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6185777927:AAHgIPLnq4XW3y12Thl5pKU-tZT6-UNtnfM/
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-