General

  • Target

    50def3ac141e2e6ee58935076e7c69bfbbf617a9aa348317e1abc13d24ac456b

  • Size

    577KB

  • Sample

    240612-b2q8jsxhpe

  • MD5

    4f64e76b6bdcc6a795e15032f04ee833

  • SHA1

    76f0b9e53b1ffd155c16b25af86fe2cb5ae560eb

  • SHA256

    50def3ac141e2e6ee58935076e7c69bfbbf617a9aa348317e1abc13d24ac456b

  • SHA512

    18c8ece53d378cd8b0579fccd534cc3c5d5033cbd8c8571daee487b343f1642ebe24ace503c30e824095f720c14a7e0dac59a36f29eb733bc97fe9c9b77912ac

  • SSDEEP

    12288:rYV6MorX7qzuC3QHO9FQVHPF51jgc2M/gd1uV1rIbNyeN20f+3:IBXu9HGaVHngdw6QeNFM

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7251431774:AAHChQrtBHFfvS35hPhJi9N1leN0cmWiVoI/

Targets


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks