General
Target: z23mypdfscanner-invoice3535.bat
Size: 217KB
Sample: 240524-xcbbpafa6w
MD5: 81e3209cf09a8f2f59c94c3e8c20c475
SHA1: 0e05dfa84c0f053ab8f2fc4682fb46e02440096f
SHA256: 3cb4d9bb4d3100fb7884a96c4c1cc4ffe4994c76e80626e2ca4894a01cb6ded2
SHA512: ac5d14dabe94916a097be70d7420de9ff9528ebe530798168dcbbcb5754604610f563f0c8737d01e4ea83346ad878284a21360b84d8934a2db0dfcf13fc746d7
SSDEEP: 6144:xlN/X/N7ZeoXGyzjFk7ecPTja3UIhdcYGuukwEZrWAFhF7EP4:zNf1H2yzjFk7e6ToUmdcYFukwE5Wyh6w
Static task: static1
Behavioral task: behavioral1
Sample: z23mypdfscanner-invoice3535.bat
Resource: win7-20231129-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6840755276:AAHEhHpmlrUuXaIUnKpuniBmO-DaNx3tnLo/
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.