General
-
Target
289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383
-
Size
2.3MB
-
Sample
240701-bhs8ss1frb
-
MD5
0836be75ada3e2f608f9a275d45c996f
-
SHA1
10d9e8ec87f51bc9553c5d7a6c5a7926cae0851f
-
SHA256
289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383
-
SHA512
439cd2a9758e4db6f6bb3cc40dadcb24b50ebfccc149cae1293e67bf1e5c6cd9291485c3f7f7dccb8f6dd697c117699a561be6e64d4e694115f766a0c8346af3
-
SSDEEP
49152:eF50a6aPVOFMx3SmroCZscivbS6mqxEWoKmqZJffp3vSsqPUteaw1GWNOmefX:croA7PWioX
Static task
static1
Behavioral task
behavioral1
Sample
289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6766067146:AAHFJ0MibSkcw884er6PWmsW8KsHwF4xGxc/
Targets
-
-
Target
289b62f2e1ec19c7f622b48703c1105fd3b5c03f6d25a4447b19f061dc3bc383
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-