General
Target: InvoiceConfirmation3.zip
Size: 406KB
Sample: 240603-gwgd2sfd56
MD5: 69d36048666b6f03ea5e438917f6bac7
SHA1: b1ab60817b5f7621f5e544c2f9d36b93c71ef47b
SHA256: 2ad94e138bd981332c443cfac96788ed71ad74e9073c9ee5fedbe6d21c2dc201
SHA512: 7c62c5eb98fbbc8e5169fb17e04ff060310bcd5c043758f76a6871f5c9df770c8b694850391f75080f78aa7239e918bd14fc6e279fb3f86a2578edb0bc4753e1
SSDEEP: 12288:H39HGi5zxXxTqGe/2Z/Ss1l4h0JvWjd2hEuvmt8Ez:pGi5dw58Sql4hKujd2auuJz
Static task: static1
Behavioral task: behavioral1
Sample: InvoiceConfirmation3.bat
Resource: win7-20240221-en

Malware Config
Extracted: agenttesla
https://api.telegram.org/bot7135973864:AAGVqtrGeLysm0FYcz68sQIn3nL2a6CxjMc/
Targets
Target: InvoiceConfirmation3.bat
Size: 540KB
MD5: af29b01f9517f84f7d1794a3c5a987d5
SHA1: 17f8776ea38c0eb07915cf1ab4e52a2c87ec70cd
SHA256: 18ff8049e5eac05d3f1bf7d414664845edd76f5393630aa463566476e45b9985
SHA512: 29afff43ff59985eb4d65463cf7b8eaa6a82ae508cce66222707cab084d25bed77a45b7f85ec13e91545827f76bde014794b7ccf77f0df44b815df6b8d76953d
SSDEEP: 12288:2Nu+DeVdU51H++iCBdiQslfVMLOzcU+MEJXMHwXUIXkZsCSbluwG9XJec8SmC:t+aVK51HzBdeqLOIM8XfUXFYk7
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.