General
- Target: SecuriteInfo.com.Trojan.MSIL.AgentTesla.ERQ.MTB.11269.29978
- Size: 698KB
- Sample: 220504-je8s3sfhdn
- MD5: b78eed700665bf868771e371d2622000
- SHA1: 48daa093155e9eaa563f6eb537a57f940f2aa6c6
- SHA256: 9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513
- SHA512: c8a943811ba8173a49941a85803a5dc0084c4eab90d7a79f3e4115992ffe6f115237b0b56e85aaaf940f6d2e6a1b1fac31541f32554c799bd259bcb3e5873e58
Static task: static1

Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.MSIL.AgentTesla.ERQ.MTB.11269.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Trojan.MSIL.AgentTesla.ERQ.MTB.11269.exe
- Resource: win10v2004-20220414-en
Malware Config
- Extracted: agenttesla
- C2 (Telegram bot API, as extracted from the sample): https://api.telegram.org/bot5187728823:AAGLMGn_JlHiLgjLPDeSA29u69fic0Upi8Y/sendDocument
Targets
- Target: SecuriteInfo.com.Trojan.MSIL.AgentTesla.ERQ.MTB.11269.29978
- Size: 698KB
- MD5: b78eed700665bf868771e371d2622000
- SHA1: 48daa093155e9eaa563f6eb537a57f940f2aa6c6
- SHA256: 9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513
- SHA512: c8a943811ba8173a49941a85803a5dc0084c4eab90d7a79f3e4115992ffe6f115237b0b56e85aaaf940f6d2e6a1b1fac31541f32554c799bd259bcb3e5873e58

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext