General
-
Target
001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75
-
Size
856KB
-
Sample
240523-cpyyasab7y
-
MD5
18156d45f91dee4763da02f45787e93f
-
SHA1
4aa631f7954ea890165f8aa36e940e3816918ccc
-
SHA256
001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75
-
SHA512
517df532657f6d90f13b4d13dddf7a4cebff778aedac4f300e5d39299319a9e0acb96ad915e99ceb6d4e4e38470d8b9bae0303bfb82aec4991c7dbb8463da9d5
-
SSDEEP
24576:Ew4bjw4bg+ThqDHhCeVAVDsxTqIoseCC7BMMMDMMM:Ew4bjw4bNhYHhBVAVVsFUBMMMDMMM
Static task
static1
Behavioral task
behavioral1
Sample
001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6801674292:AAGHV57gdzpsfUBrgXSTVMYSxSDCCh9LBiQ/
Targets
-
-
Target
001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75
-
Size
856KB
-
MD5
18156d45f91dee4763da02f45787e93f
-
SHA1
4aa631f7954ea890165f8aa36e940e3816918ccc
-
SHA256
001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75
-
SHA512
517df532657f6d90f13b4d13dddf7a4cebff778aedac4f300e5d39299319a9e0acb96ad915e99ceb6d4e4e38470d8b9bae0303bfb82aec4991c7dbb8463da9d5
-
SSDEEP
24576:Ew4bjw4bg+ThqDHhCeVAVDsxTqIoseCC7BMMMDMMM:Ew4bjw4bNhYHhBVAVVsFUBMMMDMMM
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-