General

Target: INVOICE07.zip
Size: 405KB
Sample: 240603-gwgd2sfd55
MD5: df0ff896342439513f5ec45e6407acba
SHA1: adcb3cda4d1e4484ac99b18494f4f4dcdae6f0b3
SHA256: 900686f955496fc4db8bd11b35a3b531e2ff9987d8c39349a8d6116029d3e5fd
SHA512: 7994dea452271d464a206c44614ab55da01b3b40212a2380bc6df8bf6127342249360ac71d2eead861c502234ee4524f7c2700456a7099efc7e13d32ec93eb00
SSDEEP: 12288:g1Hh1189ywvCCcdysbrQCqPdlH+Ol+8ZHM:kHPqc9jNQCqFl3+CM
Static task: static1
Behavioral task: behavioral1
Sample: INVOICE07.bat
Resource: win7-20240419-en
Malware Config

Extracted: agenttesla
https://api.telegram.org/bot7135973864:AAGVqtrGeLysm0FYcz68sQIn3nL2a6CxjMc/
Targets

Target: INVOICE07.bat
Size: 540KB
MD5: 1952a79579272db52a814baf57821f90
SHA1: 3fcfb6c3d2c08e840d758e905c2f304ec39ca9f3
SHA256: e575145995f725fbaecc1b95c73ec0fbdad3117e1f492dc8d93ad076f5ad2da1
SHA512: 088de9db26c4eda94bb71a5379118418c06bcb46d8ccce7d1da2719c8d742e8347a4dfde9f73afbb362ef461a0af159408d9150adc8653f6e5a3507408eb6a93
SSDEEP: 12288:xToPjPt8r1cxIMTOQo5Xq4PpsXis9Jhqd8FJVqzT+53xH:xeWrOa4UaYpsXlJIdwSIZ
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.