General
-
Target
752858a3fb544fb8dcd3ec179ba83d3b1269a93a15ad669356421d407ba83888
-
Size
2.1MB
-
Sample
240612-cgtnlsydjq
-
MD5
447b403fc3dac6e0d33de52f7f94163c
-
SHA1
509c612d71a071572331d561971f8c3af3aa239c
-
SHA256
752858a3fb544fb8dcd3ec179ba83d3b1269a93a15ad669356421d407ba83888
-
SHA512
46f089b25148189d24c0debf157e9f87e19ad06cc63c96cf2e59a3b1608cd64245bc7eb0e5b701870fc7e8779f4e22f781b72b77df0314b092ed13e859e4aa53
-
SSDEEP
49152:bbdYAm4zvbdYAm4zUbdYAm4zFbdYAm4zf3AmQEQkXp6fNAKNhRS0foYj:HdrzdrGdr1drPAnEQKQNH40foY
Static task
static1
Behavioral task
behavioral1
Sample
752858a3fb544fb8dcd3ec179ba83d3b1269a93a15ad669356421d407ba83888.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
752858a3fb544fb8dcd3ec179ba83d3b1269a93a15ad669356421d407ba83888.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1247465482857222144/lQ5N2wnI2q6Keu3tWum3d2r1N0E8HP_vVDhvVsxM7FW0-kBOeEAC870yGkhWrFkrmys5
Targets
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-