General
-
Target
144fb79c3d4131bb67e0c761274ec5f3bc67a5931bf1663daf2d447eb75cacad
-
Size
1.3MB
-
Sample
240702-bq89zsvdnl
-
MD5
c6197964134eed7eb3eceb7167f17e36
-
SHA1
e3f5db78709fcf60e11e6d93949a0668a5020c41
-
SHA256
144fb79c3d4131bb67e0c761274ec5f3bc67a5931bf1663daf2d447eb75cacad
-
SHA512
1d42ef37d793978e24cd3bb8fde7a59e009b119448b7e05c5b6dfd937058c5252b9088d7c03a7f1e041ad5069b2d993fa3879a6cdf834cdfc90329aaffdf41f8
-
SSDEEP
12288:wo1j7VAcgy292RPAlgdpBYtFlg8GlSuVhbsus7dEi:9rgy2WAGdpwlg8GlSIhbsuQEi
Static task
static1
Behavioral task
behavioral1
Sample
144fb79c3d4131bb67e0c761274ec5f3bc67a5931bf1663daf2d447eb75cacad.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
144fb79c3d4131bb67e0c761274ec5f3bc67a5931bf1663daf2d447eb75cacad.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot2049439171:AAHTF-OzMCy9i3S0b0hmaVc_mUsY0h6Ue_w/sendDocument
Targets
-
Target
144fb79c3d4131bb67e0c761274ec5f3bc67a5931bf1663daf2d447eb75cacad
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-