General
-
Target
d1f0868ae3889a44d3a0f4e0650c8c9f0806cbae37dd5d8966376463b6bcf505.exe
-
Size
679KB
-
Sample
240327-c6s4dadh7w
-
MD5
b1422d1b2edbf5a25a17fd89554a34b0
-
SHA1
79bd1dcad0fa6155fbca11c9a3500baaf46288af
-
SHA256
d1f0868ae3889a44d3a0f4e0650c8c9f0806cbae37dd5d8966376463b6bcf505
-
SHA512
2a83d96c2296f53883ce2a2f2004b9f9931adaae8a513782b62a9aebc623b4e4852d185a0fe15944e24c741c6eddf0c31f7366a2ce6360e28dac0193679369d1
-
SSDEEP
12288:XXqLha5WlNOqfQOztCLLboHdZ6oTePvmkVZJ654R00aqPnfgfIPK1DO88t:nqHp4O+LMZ6oTeP/BccCqfr
Static task
static1
Behavioral task
behavioral1
Sample
d1f0868ae3889a44d3a0f4e0650c8c9f0806cbae37dd5d8966376463b6bcf505.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d1f0868ae3889a44d3a0f4e0650c8c9f0806cbae37dd5d8966376463b6bcf505.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ipr-co.org - Port:
587 - Username:
[email protected] - Password:
IPRco@100102@ - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.ipr-co.org - Port:
587 - Username:
[email protected] - Password:
IPRco@100102@
Targets
-
-
Target
d1f0868ae3889a44d3a0f4e0650c8c9f0806cbae37dd5d8966376463b6bcf505.exe
-
Size
679KB
-
MD5
b1422d1b2edbf5a25a17fd89554a34b0
-
SHA1
79bd1dcad0fa6155fbca11c9a3500baaf46288af
-
SHA256
d1f0868ae3889a44d3a0f4e0650c8c9f0806cbae37dd5d8966376463b6bcf505
-
SHA512
2a83d96c2296f53883ce2a2f2004b9f9931adaae8a513782b62a9aebc623b4e4852d185a0fe15944e24c741c6eddf0c31f7366a2ce6360e28dac0193679369d1
-
SSDEEP
12288:XXqLha5WlNOqfQOztCLLboHdZ6oTePvmkVZJ654R00aqPnfgfIPK1DO88t:nqHp4O+LMZ6oTeP/BccCqfr
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with SmartAssembly
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-