General
-
Target
cf6aced16f19b2a2a0ac5266565f3b794e42e405fc570b5df344daa3c3d1d5bb.exe
-
Size
967KB
-
Sample
240328-c4eszaba39
-
MD5
9c9908d9a8db6ad301678e96d136ddd9
-
SHA1
21f346ed1ea18080fd711c119a204ae89c7e8771
-
SHA256
cf6aced16f19b2a2a0ac5266565f3b794e42e405fc570b5df344daa3c3d1d5bb
-
SHA512
68338ed95fbecbc86daefa985c5839be356f8e3fd90e972c282522da6dba3c673b684146946d6ef210fdda328eaebf108e2bf990feee8cb82f382c48268ea33e
-
SSDEEP
12288:ZSKMpm64v7Zh6PsSUkynkGZe2uVu0NQMlmNnT/RpXAlT3kw7BjZ5QDAdCDbjq/GE:ZS5j4v7KPsbkrDjWTJpwlT0m/Q0
Static task
static1
Behavioral task
behavioral1
Sample
cf6aced16f19b2a2a0ac5266565f3b794e42e405fc570b5df344daa3c3d1d5bb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cf6aced16f19b2a2a0ac5266565f3b794e42e405fc570b5df344daa3c3d1d5bb.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.vila-gabriel.ro - Port:
21 - Username:
FTPAdmin@vila-gabriel.ro - Password:
bVkMH6R.pfF~NN@ossy$W!_pz[bh!9l(MU%UtX9L^W}vO=mn*g*;]}]
Targets
-
-
Target
cf6aced16f19b2a2a0ac5266565f3b794e42e405fc570b5df344daa3c3d1d5bb.exe
-
Size
967KB
-
MD5
9c9908d9a8db6ad301678e96d136ddd9
-
SHA1
21f346ed1ea18080fd711c119a204ae89c7e8771
-
SHA256
cf6aced16f19b2a2a0ac5266565f3b794e42e405fc570b5df344daa3c3d1d5bb
-
SHA512
68338ed95fbecbc86daefa985c5839be356f8e3fd90e972c282522da6dba3c673b684146946d6ef210fdda328eaebf108e2bf990feee8cb82f382c48268ea33e
-
SSDEEP
12288:ZSKMpm64v7Zh6PsSUkynkGZe2uVu0NQMlmNnT/RpXAlT3kw7BjZ5QDAdCDbjq/GE:ZS5j4v7KPsbkrDjWTJpwlT0m/Q0
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-