General
-
Target
133cdaa5ca68a4c7d5d96013ca58147932dd16d6cdb89f5314c0f98a6d30f809
-
Size
839KB
-
Sample
241116-vnmsrayrb1
-
MD5
ea984c677d0e5cc335268332db480d3e
-
SHA1
0ad296adb1c30ac8c37f25f67abad4040cfffd9d
-
SHA256
133cdaa5ca68a4c7d5d96013ca58147932dd16d6cdb89f5314c0f98a6d30f809
-
SHA512
0d07e756f2d842c66ffdff11733a6d44a96a84b347bd6f482e461d7a03024932a974bafefaf3cf5beee4daa020cc83178c67afe170dcb7e6323f65b0d32a2851
-
SSDEEP
6144:/xiBwnO+u6ZoNsCl4VWqxyvGoQjkXa5Z97Wj43dUVVTtcypaMlRae8KgqmYjSLEV:/JuFqsRaOSYm
Static task
static1
Behavioral task
behavioral1
Sample
133cdaa5ca68a4c7d5d96013ca58147932dd16d6cdb89f5314c0f98a6d30f809.exe
Resource
win7-20240903-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6852245174:AAHgk_9s-tH6YNacTaCnQz56uJMggI0fZDw/
The extracted C2 is a Telegram Bot API endpoint: the path segment after bot is the bot token (numeric bot ID, a colon, then the secret) that the stealer uses to post harvested data through methods such as sendDocument. The numeric bot ID is a stable indicator for this sample; the full token is a secret and should be handled as such.
Targets
-
-
Target
133cdaa5ca68a4c7d5d96013ca58147932dd16d6cdb89f5314c0f98a6d30f809
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP, HTTP or, as in this sample, the Telegram Bot API.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. Agent Tesla does this to stamp the victim's public address into its exfiltrated report; on its own the behaviour is low-fidelity, since updaters and VPN clients query the same services, so it should be correlated with the C2 traffic rather than alerted on alone.
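The following is an added example, not part of the sandbox report: it turns the extracted Telegram C2 URL above into indicators (host, bot ID, token) and hunts for both that C2 and the external-IP lookup behaviour in proxy logs, flagging only sources that show both. The log lines and their format (timestamp, source IP, method, URL, status) are constructed for the example, and the list of IP-lookup hosts is an assumed watch list to be extended from your own telemetry.

```python
"""Derive network IOCs from the extracted Agent Tesla config and hunt for them.

Added example; the proxy log lines below are constructed, not from the report.
"""
import re
from urllib.parse import urlparse

# C2 URL exactly as extracted by the sandbox (from the report's Malware Config).
EXTRACTED_C2 = "https://api.telegram.org/bot6852245174:AAHgk_9s-tH6YNacTaCnQz56uJMggI0fZDw/"

# Assumed watch list of public-IP lookup services used by stealers; extend as needed.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}

# Telegram Bot API path: /bot<numeric id>:<secret>/<method>
TOKEN_RE = re.compile(r"/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)(?:/|$)")

# Constructed proxy log: "timestamp src_ip method url status"
LOG_LINES = """\
2024-11-16T09:14:02Z 10.0.0.17 GET https://api.ipify.org/ 200
2024-11-16T09:14:05Z 10.0.0.17 POST https://api.telegram.org/bot6852245174:AAHgk_9s-tH6YNacTaCnQz56uJMggI0fZDw/sendDocument 200
2024-11-16T09:15:10Z 10.0.0.23 GET https://www.microsoft.com/ 200
2024-11-16T09:16:44Z 10.0.0.23 GET https://checkip.dyndns.org/ 200
2024-11-16T09:17:01Z 10.0.0.31 POST https://api.telegram.org/bot123456789:AAFakeTokenForAnotherBot/sendMessage 200
""".splitlines()


def telegram_iocs(c2_url):
    """Return (host, bot_id, full_token) from a Telegram Bot API C2 URL."""
    u = urlparse(c2_url)
    m = TOKEN_RE.search(u.path)
    if u.hostname != "api.telegram.org" or not m:
        raise ValueError("not a Telegram Bot API URL")
    return u.hostname, m.group("bot_id"), m.group("bot_id") + ":" + m.group("secret")


def parse_line(line):
    """Split one constructed log line into (timestamp, src, method, parsed_url)."""
    ts, src, method, url, _status = line.split()
    return ts, src, method, urlparse(url)


def tag_request(url, bot_id):
    """Return a detection tag for one request, or None if nothing matched."""
    host = (url.hostname or "").lower()
    if host in IP_LOOKUP_HOSTS:
        return "ip-lookup"
    if host == "api.telegram.org":
        m = TOKEN_RE.search(url.path)
        if m and m.group("bot_id") == bot_id:
            return "telegram-c2"        # the exact bot from this sample's config
        if m:
            return "telegram-bot-api"   # some other bot: still worth triage
    return None


def hunt(lines, bot_id):
    """Map each source IP to the set of detection tags seen in its traffic."""
    seen = {}
    for line in lines:
        _, src, _, url = parse_line(line)
        tag = tag_request(url, bot_id)
        if tag:
            seen.setdefault(src, set()).add(tag)
    return seen


def likely_infected(seen):
    """Sources that both looked up their public IP and reached this sample's bot."""
    return sorted(src for src, tags in seen.items()
                  if "ip-lookup" in tags and "telegram-c2" in tags)


if __name__ == "__main__":
    host, bot_id, _token = telegram_iocs(EXTRACTED_C2)
    seen = hunt(LOG_LINES, bot_id)
    for src in sorted(seen):
        print(src, sorted(seen[src]))
    print("likely infected:", likely_infected(seen))
```

Matching on the numeric bot ID rather than the whole token keeps the rule working if the operator rotates the secret but keeps the bot, and avoids copying the secret into detection content; a hit on api.telegram.org with a different bot is reported separately so an analyst can decide whether it is another campaign or legitimate automation.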
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread in another process, after writing to that process's memory, is the hallmark of process hollowing (RunPE): the sample starts a legitimate executable suspended, replaces or overwrites its image with the decrypted payload, points the main thread at the new entry point and resumes it. Debuggers also set thread contexts, so correlate with a CreateProcess carrying CREATE_SUSPENDED, WriteProcessMemory and ResumeThread against the same target before treating it as injection.
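As an added example, not part of the report, the following scores a process's API calls for the hollowing chain rather than alerting on SetThreadContext alone: a cross-process chain of CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext and ResumeThread against the same target is reported as hollowing, a lone cross-process SetThreadContext is reported as debugger-like for review, and a process touching its own threads is ignored. The trace format (caller pid, API name, target pid, optional flags) is constructed for the example and is not the sandbox's own call-log format.

```python
"""Flag the process-hollowing (RunPE) API sequence in a sandbox API trace.

Added example; the trace below is constructed, not the report's own call log.
"""

# Order in which hollowing drives the target: spawn suspended, write the payload,
# redirect the primary thread, resume. NtUnmapViewOfSection/VirtualAllocEx may sit
# in between and are tolerated as noise.
HOLLOW_STEPS = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]

# Constructed trace: "caller_pid api target_pid [flags...]"
TRACE = """
1204 CreateProcess 1340 CREATE_SUSPENDED
1204 NtUnmapViewOfSection 1340
1204 VirtualAllocEx 1340
1204 WriteProcessMemory 1340
1204 WriteProcessMemory 1340
1204 SetThreadContext 1340
1204 ResumeThread 1340
2000 OpenProcess 2100
2000 SetThreadContext 2100
3000 SetThreadContext 3000
4000 CreateProcess 4100
4000 WriteProcessMemory 4100
"""


def parse_trace(text):
    """Parse the constructed trace into (caller, api, target, flags) tuples."""
    calls = []
    for line in text.strip().splitlines():
        parts = line.split()
        calls.append((int(parts[0]), parts[1], int(parts[2]), set(parts[3:])))
    return calls


def analyze(calls):
    """Per (caller, target) pair, record the hollowing steps matched in order
    plus how many cross-process SetThreadContext calls were seen at all."""
    state = {}
    for caller, api, target, flags in calls:
        if caller == target:
            continue  # a process adjusting its own threads is not injection
        st = state.setdefault((caller, target), {"chain": [], "set_ctx": 0})
        if api == "SetThreadContext":
            st["set_ctx"] += 1
        chain = st["chain"]
        if len(chain) < len(HOLLOW_STEPS) and api == HOLLOW_STEPS[len(chain)]:
            # The chain only starts from a suspended create; a normal child
            # launch followed by writes is a different (or benign) pattern.
            if api != "CreateProcess" or "CREATE_SUSPENDED" in flags:
                chain.append(api)
    return state


def verdict(st):
    """Classify one caller->target relationship."""
    chain = st["chain"]
    if chain == HOLLOW_STEPS:
        return "process-hollowing"
    if chain[:3] == HOLLOW_STEPS[:3]:
        return "hollowing-prepared"      # context set but thread never resumed
    if st["set_ctx"]:
        return "context-write-only"      # debugger-like: review before acting
    return "no-hollowing-chain"


def flagged(trace_text):
    """Return {"caller->target": verdict} for every pair that is not clean."""
    out = {}
    for (caller, target), st in analyze(parse_trace(trace_text)).items():
        v = verdict(st)
        if v != "no-hollowing-chain":
            out[f"{caller}->{target}"] = v
    return out


if __name__ == "__main__":
    for pair, v in flagged(TRACE).items():
        print(pair, v)
```

The chain is matched in order, so a WriteProcessMemory that precedes the suspended create, or a SetThreadContext with no prior write, does not advance it; that ordering is what separates hollowing from a debugger attaching to a running process, and it is the check a signature named "suspicious use of SetThreadContext" leaves to the analyst.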
-