General
-
Target
873fb072fccac9fc833f34c74570749b1c3fdc5d0b521f9b793550efa8026f25.exe
-
Size
818KB
-
Sample
240429-btpdzsef5y
-
MD5
5207e1d2d04cc44b8ba39e6ce472e733
-
SHA1
673e14e004281036d7420d705c1e336e451637aa
-
SHA256
873fb072fccac9fc833f34c74570749b1c3fdc5d0b521f9b793550efa8026f25
-
SHA512
8b4d9dc2758e310025067a8b772b7d313a2c35d07fd6720049199f5c49dbd6b924ee9ac0e55548acbd58fb76698907b6b89c575ace538a025445bc3af17a05b0
-
SSDEEP
24576:NQPjKr5BNDBwCCMST7RoJHHMf412CPdoJ6u:6k5BNVo7RoMICJ6u
Static task
static1
Behavioral task
behavioral1
Sample
873fb072fccac9fc833f34c74570749b1c3fdc5d0b521f9b793550efa8026f25.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
873fb072fccac9fc833f34c74570749b1c3fdc5d0b521f9b793550efa8026f25.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.quoctoan.vn - Port:
587 - Username:
long_xnk@quoctoan.vn - Password:
bGMJNaGYNTLC - Email To:
dclarkson007@protonmail.com
Targets
-
-
Target
873fb072fccac9fc833f34c74570749b1c3fdc5d0b521f9b793550efa8026f25.exe
-
Size
818KB
-
MD5
5207e1d2d04cc44b8ba39e6ce472e733
-
SHA1
673e14e004281036d7420d705c1e336e451637aa
-
SHA256
873fb072fccac9fc833f34c74570749b1c3fdc5d0b521f9b793550efa8026f25
-
SHA512
8b4d9dc2758e310025067a8b772b7d313a2c35d07fd6720049199f5c49dbd6b924ee9ac0e55548acbd58fb76698907b6b89c575ace538a025445bc3af17a05b0
-
SSDEEP
24576:NQPjKr5BNDBwCCMST7RoJHHMf412CPdoJ6u:6k5BNVo7RoMICJ6u
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-