Overview

overview

10

Static

static

10

aa3fdf09f5...f5.exe

windows7-x64

10

aa3fdf09f5...f5.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    aa3fdf09f5e73e4a23580d387717148203f6c2d365ab64caffc109fcc7856ff5.exe

  • Size

    242KB

  • MD5

    33c1151431af95ac887b7640a60b4627

  • SHA1

    5bd1a59b8f29628a23ba8a6ca2067646878d2b0d

  • SHA256

    aa3fdf09f5e73e4a23580d387717148203f6c2d365ab64caffc109fcc7856ff5

  • SHA512

    60d8c6a95f850bbbb22d277d904cbed8c2c1be3ea3cf4c78ef2b1185ab9df4b7c9f38f15f35164cf96060a2d57128f8cb4c6758e85eb1e0df5922c4586344ee5

  • SSDEEP

    3072:G7WIjVWv3nffyjIW1RYlZTPRkOm2xq1Nq5NT9DrJKUJ:aWIjVWv3nffyjIW12TPRBxENIDr8

Score
10/10
agenttesla

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6957776389:AAGE3Y2I0YZ27F-41ZLwjxi6zM96chGzSyw/

Signatures

  • Agenttesla family
    agenttesla
  • Detect packed .NET executables. Mostly AgentTeslaV4. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables referencing Windows vault credential objects. Observed in infostealers 1 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
  • Detects executables referencing many email and collaboration clients. Observed in information stealers 1 IoCs
  • Detects executables referencing many file transfer clients. Observed in information stealers 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • aa3fdf09f5e73e4a23580d387717148203f6c2d365ab64caffc109fcc7856ff5.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections