General
-
Target
425462f8ad7aee7a55bf9fd9150c6f6fb5d53aafd86cab6e7e3dda413ba85f3b
-
Size
828KB
-
Sample
240612-bqtvasxelh
-
MD5
7f2227b215c5cc2b2068d85b7bf537b4
-
SHA1
2195d909ad9c94f453caedc36d2d3e6b2e568737
-
SHA256
425462f8ad7aee7a55bf9fd9150c6f6fb5d53aafd86cab6e7e3dda413ba85f3b
-
SHA512
93a9a04efc97f5121643b18c471334f2e46aca8ee5b5f958b7b07f58672127ad1f8df73ef1f10c173abd19d88f0fc2607bc60e47c5078c1f4a68cd9156e7e1eb
-
SSDEEP
24576:CjEPqtSZq56SW7aDJc8Al7LvmvS1H4AZ:CJ+QnVgwSt
Static task
static1
Behavioral task
behavioral1
Sample
425462f8ad7aee7a55bf9fd9150c6f6fb5d53aafd86cab6e7e3dda413ba85f3b.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7003073627:AAGR-aHCbQE_Xm_F2ssZpgrlzdtURak1neo/
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofencing check.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-