General
Target: 6a5f097743ed7da46f5a35c055047d458a8831abebca6dd587f06108527c1b4e
Size: 371KB
Sample: 240523-c5jhjsbb42
MD5: 1a5bf27481f1f48dd1a37a66acf98c98
SHA1: c4f194debedb3d398f3a077dc4d15a24f0aef363
SHA256: 6a5f097743ed7da46f5a35c055047d458a8831abebca6dd587f06108527c1b4e
SHA512: 4f517dad0bf162b872f1a3cc39cf00599b375a701ed55b4eec3a483a1205b7bce50cb8bc0f9e81f977e30afc4af4cd249c1fef546d850e443c39065ff1139288
SSDEEP: 6144:P/+X+HXSaNNz2gFjHF4OMjG0cpQOh84e/MLdn7JVLuzv1zerCgTtpAtd6vp:X+XMXSMcQbwcnh5eOn7ziUrrRpAa
Static task: static1
Behavioral task: behavioral1
  Sample: 6a5f097743ed7da46f5a35c055047d458a8831abebca6dd587f06108527c1b4e.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 6a5f097743ed7da46f5a35c055047d458a8831abebca6dd587f06108527c1b4e.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: agenttesla
C2 (Telegram Bot API): https://api.telegram.org/bot6760916656:AAFTROumNysgqsjoqAvyBqjbR9y3VV4we2Y/
Targets
Target: 6a5f097743ed7da46f5a35c055047d458a8831abebca6dd587f06108527c1b4e
Size: 371KB
MD5: 1a5bf27481f1f48dd1a37a66acf98c98
SHA1: c4f194debedb3d398f3a077dc4d15a24f0aef363
SHA256: 6a5f097743ed7da46f5a35c055047d458a8831abebca6dd587f06108527c1b4e
SHA512: 4f517dad0bf162b872f1a3cc39cf00599b375a701ed55b4eec3a483a1205b7bce50cb8bc0f9e81f977e30afc4af4cd249c1fef546d850e443c39065ff1139288
SSDEEP: 6144:P/+X+HXSaNNz2gFjHF4OMjG0cpQOh84e/MLdn7JVLuzv1zerCgTtpAtd6vp:X+XMXSMcQbwcnh5eOn7ziUrrRpAa
- AgentTesla
  Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests credentials and keystrokes and exfiltrates them over channels such as SMTP, FTP, HTTP or, as in this sample, the Telegram Bot API.
- Adds Run key to start application
  Writes a value under a Run registry key so the payload is launched again at user logon.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Setting the thread context of a suspended thread in another process is a common step in process hollowing and thread-hijacking injection.
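The extracted config above is a Telegram Bot API endpoint, and the signatures list an external-IP lookup and an exfiltration channel. The following is an added Python example, not part of the original report, that pulls the bot ID and token out of the extracted URL and runs a simple correlation over constructed proxy log lines: an external-IP lookup followed by a POST to a Telegram bot endpoint from the same client. The proxy log format, the list of IP-lookup hosts and the use of sendDocument as the API method in the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# C2 URL as extracted from the sample in the report above.
EXTRACTED_C2 = "https://api.telegram.org/bot6760916656:AAFTROumNysgqsjoqAvyBqjbR9y3VV4we2Y/"

# Telegram Bot API endpoints embed the bot ID and secret token in the URL path:
#   https://api.telegram.org/bot<bot_id>:<token>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)"
    r"(?:/(?P<method>[A-Za-z]+))?"
)

# Hosts commonly used for "what is my IP" lookups (assumed list for this example).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.amazonaws.com", "icanhazip.com", "ipinfo.io"}


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot ID, token and (optional) API method."""
    m = TELEGRAM_BOT_RE.match(url)
    if not m:
        return None
    return {"bot_id": m.group("bot_id"), "token": m.group("token"), "method": m.group("method")}


# Constructed proxy log lines (assumed format): "<timestamp> <client_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2024-05-23T03:41:02Z 10.0.0.15 GET http://api.ipify.org/ 200
2024-05-23T03:41:03Z 10.0.0.15 POST https://api.telegram.org/bot6760916656:AAFTROumNysgqsjoqAvyBqjbR9y3VV4we2Y/sendDocument 200
2024-05-23T03:42:10Z 10.0.0.22 GET https://www.example.com/ 200
2024-05-23T03:43:00Z 10.0.0.30 GET https://api.ipify.org/ 200
"""


def find_telegram_exfil(log_lines, known_c2=EXTRACTED_C2):
    """Return one alert per POST to a Telegram bot endpoint, enriched with whether the
    same client also performed an external-IP lookup and whether the bot ID matches
    the config extracted from the sample."""
    known = parse_telegram_c2(known_c2)
    ip_lookups = defaultdict(list)
    bot_posts = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of aborting the scan
        ts, client, http_method, url, _status = parts
        host = urlsplit(url).hostname or ""
        if host in IP_LOOKUP_HOSTS:
            ip_lookups[client].append(ts)
        cfg = parse_telegram_c2(url)
        if cfg and http_method == "POST":
            bot_posts.append((ts, client, cfg))
    alerts = []
    for ts, client, cfg in bot_posts:
        alerts.append({
            "ts": ts,
            "src": client,
            "bot_id": cfg["bot_id"],
            "method": cfg["method"],
            "ip_lookup_seen": client in ip_lookups,
            "matches_extracted_config": known is not None and cfg["bot_id"] == known["bot_id"],
        })
    return alerts


if __name__ == "__main__":
    for alert in find_telegram_exfil(SAMPLE_PROXY_LOG.splitlines()):
        print(alert)
```

The bot token is the operator's credential, not something a defender can act on at Telegram's side, so the practical control is to alert on or block POSTs to api.telegram.org/bot... from endpoints that have no business talking to Telegram. Note that the path, and therefore the bot ID and token, is only visible when TLS is inspected; without interception the detection degrades to the hostname (SNI) level, which is still worth correlating with the preceding external-IP lookup.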