General
-
Target
rRFQ_TSL104_20221024_pdf.exe
-
Size
2.9MB
-
Sample
240618-zvfegawflf
-
MD5
edef0d2515fc3452e4175b3d223a5f90
-
SHA1
60342fb0ee1a34ecc2e3430f0f62aaa69a6e1a57
-
SHA256
86744ad357edc64f956c3a8df9c8bd852ae125189e80652703dc5624a97584a6
-
SHA512
3d7974953aadd7e33dceca2cb405de1632956501e623d61e30a270cac6a249030873a3d4cb6db282fa9acfe497e23ea35f9a0ea8d1437a3e250622b93681b3a1
-
SSDEEP
12288:VYXxEe0uZOuUTwUqdkvub/jBLLlB3xYyWtORM0rTKAnYMlvs3iZDjNFGjM9D:qRNuXOhRvLxYyuwRrT5nYqvs4DWiD
Static task
static1
Behavioral task
behavioral1
Sample
rRFQ_TSL104_20221024_pdf.exe
Resource
win7-20231129-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7261799157:AAHbEGrAXqYSY7AMfUzmzD3U1FgkRxHSXws/
Targets
-
-
Target
rRFQ_TSL104_20221024_pdf.exe
-
Size
2.9MB
-
MD5
edef0d2515fc3452e4175b3d223a5f90
-
SHA1
60342fb0ee1a34ecc2e3430f0f62aaa69a6e1a57
-
SHA256
86744ad357edc64f956c3a8df9c8bd852ae125189e80652703dc5624a97584a6
-
SHA512
3d7974953aadd7e33dceca2cb405de1632956501e623d61e30a270cac6a249030873a3d4cb6db282fa9acfe497e23ea35f9a0ea8d1437a3e250622b93681b3a1
-
SSDEEP
12288:VYXxEe0uZOuUTwUqdkvub/jBLLlB3xYyWtORM0rTKAnYMlvs3iZDjNFGjM9D:qRNuXOhRvLxYyuwRrT5nYqvs4DWiD
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-