General

Target: fbc851daaa11b333c79912b49a465c3abc26c6c8e0629c4916f6c0a6243b729a
Size: 695KB
Sample: 240630-bfhdhsvcjk
MD5: 294fd8988e158616df7fce5208dfaea1
SHA1: 1990b4ad55593db02093e7bdcc0f592c7279fe71
SHA256: fbc851daaa11b333c79912b49a465c3abc26c6c8e0629c4916f6c0a6243b729a
SHA512: 090a7c40d32c05c942ee1ec056d48f94c4d399401b4c00ba75edf2913bc055c2091f5bf7ea56bf17be3751d9f04714a308a84b4498400679acfea943a164bfef
SSDEEP: 12288:55J2iNzeWFm+FJ6H4tj3roRKc69ovr7hcrHrhtX0+I5LaCSyWTwNFB33aF4LHymj:DJ1tRFm+r6H4tjboRf69ovrF2PFI5L9R
Static task: static1

Behavioral task: behavioral1
Sample: fbc851daaa11b333c79912b49a465c3abc26c6c8e0629c4916f6c0a6243b729a.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: fbc851daaa11b333c79912b49a465c3abc26c6c8e0629c4916f6c0a6243b729a.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: agenttesla
https://api.telegram.org/bot6481075764:AAHqECPIvQi9oqrkUAnPvfzCiiFg7g2jTz4/
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext