General
Target: PO10-02082.exe
Size: 1.2MB
Sample: 240603-hks45sfc4x
MD5: 841b7226973d5905c47d0e8be08726ef
SHA1: 47bc2b758e151d2c0b54d04a3143e62e3b5453c8
SHA256: 5e8375112fb300e9eb4c7bc2d53c2577f60a319813d199814ff316ac88777650
SHA512: 55d5958cf7937c55764fb7848c49e94422cd62e5faa4ea959877b468ea5f67e98ae6953d2036c32fbe15566c90f55f0d02176df8d35f8e397bebad7ce9205d30
SSDEEP: 24576:GAHnh+eWsN3skA4RV1Hom2KXMmHarmYVXk8p85:hh+ZkldoPK8YarrtU
Static task: static1
Behavioral task: behavioral1
Sample: PO10-02082.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: PO10-02082.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted family: agenttesla
C2 (Telegram Bot API): https://api.telegram.org/bot6979498858:AAECq2B31MrnKIQo8rrCWW1pczfrEtn7hPQ/
Targets
Target: PO10-02082.exe
Size: 1.2MB
MD5: 841b7226973d5905c47d0e8be08726ef
SHA1: 47bc2b758e151d2c0b54d04a3143e62e3b5453c8
SHA256: 5e8375112fb300e9eb4c7bc2d53c2577f60a319813d199814ff316ac88777650
SHA512: 55d5958cf7937c55764fb7848c49e94422cd62e5faa4ea959877b468ea5f67e98ae6953d2036c32fbe15566c90f55f0d02176df8d35f8e397bebad7ce9205d30
SSDEEP: 24576:GAHnh+eWsN3skA4RV1Hom2KXMmHarmYVXk8p85:hh+ZkldoPK8YarrtU
Score: 10/10
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext