General

Target: 3e6f5b34df415cd738ae52e38334919b769511b0412b5dad33220e1c9460a92f
Size: 3.3MB
Sample: 240701-bhtjkavcpl
MD5: 5b266570c1fe5d5d78aecb6c5681877d
SHA1: 10fda5ba1b1c7c73dfc906c7a0bbeafe6f52d99e
SHA256: 3e6f5b34df415cd738ae52e38334919b769511b0412b5dad33220e1c9460a92f
SHA512: 5e9734f5255d588864cbcd7b7f79e2a10c8670a0162a49acb363fd40ce7f01456178e5db9c54f1c111ecbc5b2fcc46dfaf8ea8146231ef348f79cea5ba6935b1
SSDEEP: 12288:+/cwLkICZGikzWCClzuQtL87W7j/7Q5pkgitsC022DONtFDibX9z:+dLaCMLtY7WHD43ayQLYp
Static task: static1

Behavioral task: behavioral1
Sample: 3e6f5b34df415cd738ae52e38334919b769511b0412b5dad33220e1c9460a92f.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 3e6f5b34df415cd738ae52e38334919b769511b0412b5dad33220e1c9460a92f.exe
Resource: win10v2004-20240611-en
Malware Config

Extracted: agenttesla
C2: https://api.telegram.org/bot6766067146:AAHFJ0MibSkcw884er6PWmsW8KsHwF4xGxc/
This is the Telegram Bot API base URL the sample posts stolen data to. The value after /bot is the operator's bot token, the credential that authorises sending through that bot, so the full URL (or the token alone) is the indicator to share and block. api.telegram.org itself is a legitimate, widely used host, so a block or detection has to match the token or full URL rather than the hostname.
Targets

Target: 3e6f5b34df415cd738ae52e38334919b769511b0412b5dad33220e1c9460a92f
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates the results over SMTP, FTP, an HTTP panel or, as in this sample's extracted config, the Telegram Bot API.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. Agent Tesla includes the address in the reports it exfiltrates. The lookup is benign on its own, so treat it as a weak indicator and correlate it with the process that issued the request.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the step in process hollowing (RunPE) that points a suspended process's main thread at injected code before the thread is resumed. The signature alone does not say what was injected; confirm it against the process-creation and cross-process memory-write events recorded in the behavioral task.
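The following is an added example, not part of the sandbox report and not code from Agent Tesla or the sandbox. It does two things a practitioner does with a report like this one: recomputes a local file's MD5/SHA1/SHA256/SHA512 against the values listed under General, and carves Telegram Bot API endpoints of the form shown under Malware Config out of raw bytes (a config dump or a process-memory dump), including strings stored as UTF-16LE as .NET keeps them. The regex's token charset and length bound are assumptions drawn from observed tokens, not a Telegram-documented format, and SAMPLE_BLOB is constructed test input.

```python
"""Verify a sample against the report's hashes and carve Telegram bot C2 URLs."""
import hashlib
import re
import sys

# Hashes exactly as listed under General in the report.
REPORT_HASHES = {
    "md5": "5b266570c1fe5d5d78aecb6c5681877d",
    "sha1": "10fda5ba1b1c7c73dfc906c7a0bbeafe6f52d99e",
    "sha256": "3e6f5b34df415cd738ae52e38334919b769511b0412b5dad33220e1c9460a92f",
    "sha512": "5e9734f5255d588864cbcd7b7f79e2a10c8670a0162a49acb363fd40ce7f01456178e5db9c54f1c111ecbc5b2fcc46dfaf8ea8146231ef348f79cea5ba6935b1",
}

# Telegram Bot API base URL: https://api.telegram.org/bot<numeric bot id>:<token>/
# Token charset and length bound are assumptions based on observed tokens.
TELEGRAM_BOT_RE = re.compile(rb"https?://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]{30,45})/")


def compute_hashes(data: bytes) -> dict:
    """Hex digests keyed the same way the report keys them."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every listed digest that does not match."""
    actual = compute_hashes(data)
    return {a: (v.lower(), actual[a]) for a, v in expected.items() if v.lower() != actual[a]}


def _byte_views(blob: bytes):
    """Yield the blob as-is, then ASCII recovered from UTF-16LE at both byte alignments,
    because .NET string literals (where Agent Tesla keeps its config) are UTF-16LE."""
    yield blob
    for offset in (0, 1):
        yield blob[offset:].decode("utf-16-le", errors="ignore").encode("ascii", errors="ignore")


def defang(url: str) -> str:
    """Make the indicator safe to paste into reports and chat."""
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace("api.telegram.org", "api[.]telegram[.]org"))


def extract_telegram_bots(blob: bytes) -> list:
    """One record per distinct (bot id, token) pair, in first-seen order."""
    seen, found = set(), []
    for view in _byte_views(blob):
        for m in TELEGRAM_BOT_RE.finditer(view):
            bot_id, token = m.group(1).decode(), m.group(2).decode()
            if (bot_id, token) in seen:
                continue
            seen.add((bot_id, token))
            url = f"https://api.telegram.org/bot{bot_id}:{token}/"
            found.append({"bot_id": bot_id, "token": token, "url": url, "defanged": defang(url)})
    return found


# Constructed stand-alone input: the report's C2 URL once as ASCII and once as UTF-16LE,
# surrounded by filler bytes. This is not the sample's real memory layout.
C2_URL = "https://api.telegram.org/bot6766067146:AAHFJ0MibSkcw884er6PWmsW8KsHwF4xGxc/"
SAMPLE_BLOB = (b"\x00\x01MZ junk " + C2_URL.encode("ascii") + b"\x00\x00"
               + C2_URL.encode("utf-16-le") + b"\x00")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    bad = hash_mismatches(data, REPORT_HASHES)
    print("hashes match report" if not bad else f"hash mismatch: {bad}")
    for bot in extract_telegram_bots(data):
        print(f"telegram bot {bot['bot_id']}: {bot['defanged']}")
```

Run it with the sample path as the only argument to confirm you are looking at the same file the report describes; run it against a memory dump of the hollowed process to recover the Telegram endpoint when the on-disk config is encrypted. The UTF-16LE pass matters for .NET malware: an ASCII-only strings scan misses the literal entirely.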