General

Target:
https://www.virustotal.com/gui/file/5795f7ad5151237b31b31a6c35f05cc84795d215a8cf5483f088a986f8d97447/detection
Sample: 240523-xn6xqscf65
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample:
https://www.virustotal.com/gui/file/5795f7ad5151237b31b31a6c35f05cc84795d215a8cf5483f088a986f8d97447/detection
Resource: win10v2004-20240426-en
22 signatures
600 seconds

Malware Config

Extracted
Family: agenttesla
C2:
https://api.telegram.org/bot7078346326:AAGX1CDPoWJfjkrOoEPVVRU8q_dn7nh6dRU/

Targets

Target:
https://www.virustotal.com/gui/file/5795f7ad5151237b31b31a6c35f05cc84795d215a8cf5483f088a986f8d97447/detection

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext