General
-
Target
e30adde12d130a08a125bdd04207bcab94e024755ebac7f7ac6a02044ca783b8.exe
-
Size
1014KB
-
Sample
240229-gn5fxage73
-
MD5
ae7c34a6ffb21e0dcb797d60a95a9970
-
SHA1
9fecfccdd9380067f125e43457f2027cfdc2ceb6
-
SHA256
e30adde12d130a08a125bdd04207bcab94e024755ebac7f7ac6a02044ca783b8
-
SHA512
f6ab8ef347b2b4f289cbccbeac5d7844421a2b06307018646778d2acaa0efabfde53587341103eb67303f1308bd84e06b359104e92779f013307e9735850ef89
-
SSDEEP
24576:Ytb20pkaCqT5TBWgNQ7a9Od0KruL1Z/F6A:hVg5tQ7a9OYLDt5
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
bezelety.top - Port:
587 - Username:
[email protected] - Password:
IxF(..bSed6k - Email To:
[email protected]
Targets
-
-
Target
e30adde12d130a08a125bdd04207bcab94e024755ebac7f7ac6a02044ca783b8.exe
-
Size
1014KB
-
MD5
ae7c34a6ffb21e0dcb797d60a95a9970
-
SHA1
9fecfccdd9380067f125e43457f2027cfdc2ceb6
-
SHA256
e30adde12d130a08a125bdd04207bcab94e024755ebac7f7ac6a02044ca783b8
-
SHA512
f6ab8ef347b2b4f289cbccbeac5d7844421a2b06307018646778d2acaa0efabfde53587341103eb67303f1308bd84e06b359104e92779f013307e9735850ef89
-
SSDEEP
24576:Ytb20pkaCqT5TBWgNQ7a9Od0KruL1Z/F6A:hVg5tQ7a9OYLDt5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-