General
-
Target
file.xe.exe
-
Size
258KB
-
Sample
240603-hj7wxagd55
-
MD5
9916f832489d7b77c8fe907d137e3ee4
-
SHA1
6b5a82f007006c3cd052e3bb78958aee0bd2b0f8
-
SHA256
e1457bcac74924e36c146710904fa20870b8c7134c911c94bdc8131f3d4b14db
-
SHA512
b102590663b10885be2e70adc158948b654d93ae39732ea8cdc71c626f0d582e677e9003ccfc86e00b5b5b7c070dd3358d33274114e85ca3f91867af915a40d9
-
SSDEEP
3072:UVPWsME5CVuLoaJubD/4gU0HlSpZpao1+fhohP5VRlZArZF2eG/Zvo2dnSSvw4G0:CPnDTgUYSt5BZJZgO
Static task
static1
Behavioral task
behavioral1
Sample
file.xe.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
file.xe.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6964521282:AAFATiXXOD1QQSc4bxFkZcgVAEKJ0TIOH5w/
Targets
-
-
Target
file.xe.exe
-
Size
258KB
-
MD5
9916f832489d7b77c8fe907d137e3ee4
-
SHA1
6b5a82f007006c3cd052e3bb78958aee0bd2b0f8
-
SHA256
e1457bcac74924e36c146710904fa20870b8c7134c911c94bdc8131f3d4b14db
-
SHA512
b102590663b10885be2e70adc158948b654d93ae39732ea8cdc71c626f0d582e677e9003ccfc86e00b5b5b7c070dd3358d33274114e85ca3f91867af915a40d9
-
SSDEEP
3072:UVPWsME5CVuLoaJubD/4gU0HlSpZpao1+fhohP5VRlZArZF2eG/Zvo2dnSSvw4G0:CPnDTgUYSt5BZJZgO
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-