General
Target: 62b1b2593f5ca1067a604faca79bdd13b04a6221dbe380605970c135d92139a3
Size: 3.2MB
Sample: 240612-cec8vaycmh
MD5: a04e1369b8a2ff92e6fa97e3d00c9566
SHA1: ec280c9d80b6f47e9eb1095c9663ea9488a7c0d0
SHA256: 62b1b2593f5ca1067a604faca79bdd13b04a6221dbe380605970c135d92139a3
SHA512: e37f2fdd59633cf6dac703b2fa644adfcdd713e9e23f0afe0049525084b35e3ccb1db678cb2ee6c5856c8c7a6eb024606ad7248fb946f7cf221ddd3cd019264e
SSDEEP: 49152:l8yJAk206NICMq5pzKRgqVzKDMgFMkLQmP87Nn9:qBslg8Bn9
Static task: static1
Behavioral task: behavioral1
  Sample: 62b1b2593f5ca1067a604faca79bdd13b04a6221dbe380605970c135d92139a3.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 62b1b2593f5ca1067a604faca79bdd13b04a6221dbe380605970c135d92139a3.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
  https://api.telegram.org/bot7199704710:AAFo3G2WRLLSd0jDgjwpe01oeP1lxDAYb8A/
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Suspicious use of SetThreadContext