General

Target: b5a23c2ef617a9a0b87f82ebc9f6c2c892a179a53bd35ce725be92c68465b245
Size: 782KB
Sample: 220805-mdm2rsacd5
MD5: f7c9cf1410373a60a5c5a5e02aa4bd3c
SHA1: 97cf7689f3b6dfd0efd37e7f16aa1bd2cfe537de
SHA256: b5a23c2ef617a9a0b87f82ebc9f6c2c892a179a53bd35ce725be92c68465b245
SHA512: cf5bf661e5a61d3d64bae9db4d0ffdabcb37ba0afeb9ce668f8cf284d0b37627658744b6ef9d12976f191a96462bc997a6a9f426ca1b1e48785f41b13b9ec64f

Static task: static1

Behavioral task: behavioral1
Sample: b5a23c2ef617a9a0b87f82ebc9f6c2c892a179a53bd35ce725be92c68465b245.exe
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: b5a23c2ef617a9a0b87f82ebc9f6c2c892a179a53bd35ce725be92c68465b245.exe
Resource: win10v2004-20220721-en

Malware Config

Extracted: agenttesla
https://api.telegram.org/bot5589784704:AAHKB3hx6EncDiLmSpjVqiBsp072Mevw-S8/sendDocument

Targets

Target: b5a23c2ef617a9a0b87f82ebc9f6c2c892a179a53bd35ce725be92c68465b245
Size: 782KB
MD5: f7c9cf1410373a60a5c5a5e02aa4bd3c
SHA1: 97cf7689f3b6dfd0efd37e7f16aa1bd2cfe537de
SHA256: b5a23c2ef617a9a0b87f82ebc9f6c2c892a179a53bd35ce725be92c68465b245
SHA512: cf5bf661e5a61d3d64bae9db4d0ffdabcb37ba0afeb9ce668f8cf284d0b37627658744b6ef9d12976f191a96462bc997a6a9f426ca1b1e48785f41b13b9ec64f
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext