General
Target: 6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8
Size: 689KB
Sample: 240630-bfgrzs1dmh
MD5: 0cf5716b3f7da1b71dbb881131787797
SHA1: ee59712452f56493dbcb6446ccd75906a8f6e9e9
SHA256: 6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8
SHA512: c4b97e0bcb467587a5688c91635baa318a44c708885b917f4b0dea1fcd0a5fc15a79cc2cce77ddf54fac195fc65c2b3bf6f967578d13747b3c323b1063354f3b
SSDEEP: 12288:o+DYnsCeLAf8h5x5DlIhRW2rJbvgmzmY+er+TmX1OO+hIdImC8kmDsNFtjx0+:6nsC5oDlIh1Nrgmzm++Tw1OThOkmQNHT

Static task: static1
Behavioral task: behavioral1
Sample: 6581c52ddc175d0da6133a50ac0ace78d844072a6c5fc2c2490556fc566d2bf8.exe
Resource: win7-20240508-en

Malware Config
Extracted: agenttesla
https://api.telegram.org/bot7181517076:AAG4UbbwYZAXOf45n7IeXXms4ONdHZ7wNgU/
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext