General
- Target: 837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2
- Size: 1.2MB
- Sample: 240328-2k6vsabc59
- MD5: 3c785d4ebfb66ee2896e9794529159bc
- SHA1: ad3d49245fe44b35d6f8004e36bff0c4e4781e62
- SHA256: 837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2
- SHA512: 04625cc9db6b6ea26fe313b86c29f2717ce531ec66dbd0c61e90403f2c78f4513959758af2bd571a524cf73c2a9f9a1405cf3a44039ab8e790c467b1930018c3
- SSDEEP: 24576:YqDEvCTbMWu7rQYlBQcBiT6rprG8aOntHSiIs2LLLpJG+aL:YTvC/MTQYxsWR7aOtHDMzG+
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2.exe
  - Resource: win7-20231129-en

Behavioral task
- behavioral2
  - Sample: 837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2.exe
  - Resource: win10v2004-20240226-en
Malware Config

Targets
- Target: 837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2
- Size: 1.2MB
- MD5: 3c785d4ebfb66ee2896e9794529159bc
- SHA1: ad3d49245fe44b35d6f8004e36bff0c4e4781e62
- SHA256: 837d8cc3da8af1b873a7c337214b73168fb688e17f3c33722aae27a169f506a2
- SHA512: 04625cc9db6b6ea26fe313b86c29f2717ce531ec66dbd0c61e90403f2c78f4513959758af2bd571a524cf73c2a9f9a1405cf3a44039ab8e790c467b1930018c3
- SSDEEP: 24576:YqDEvCTbMWu7rQYlBQcBiT6rprG8aOntHSiIs2LLLpJG+aL:YTvC/MTQYxsWR7aOtHDMzG+
Score: 10/10

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion.
- Detects executables referencing Windows vault credential objects. Observed in infostealers.
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Drops startup file
- Executes dropped EXE
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext