General
-
Target
c9495cc11ac18b285ddfe9c82c76d789a5caa7179f7500cc5e6ec7d659ca8c54.exe
-
Size
705KB
-
Sample
240424-camaysea2z
-
MD5
699b4ee5b2ca5887e48214ff1528e25d
-
SHA1
ac35dfe4cdabbb884eabe1c36e990b4fe3edab37
-
SHA256
c9495cc11ac18b285ddfe9c82c76d789a5caa7179f7500cc5e6ec7d659ca8c54
-
SHA512
07afcdc98b6bbfce341a97c871f8c004890def6ca19a169401583ae1afedc5b330a6456a43b80a0a3c1c1b9cc2f7a680beda0a2be979a1bd960a187f420b962f
-
SSDEEP
12288:Do7gHK0cpSDviH6VSx/Q67K4xAgSDGQr0UehDkIb6JjXMjTFg5:ljwQ67K4C9DjrYhD6XoTF
Static task
static1
Behavioral task
behavioral1
Sample
c9495cc11ac18b285ddfe9c82c76d789a5caa7179f7500cc5e6ec7d659ca8c54.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c9495cc11ac18b285ddfe9c82c76d789a5caa7179f7500cc5e6ec7d659ca8c54.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
WiYR)pU7 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
WiYR)pU7
Targets
-
-
Target
c9495cc11ac18b285ddfe9c82c76d789a5caa7179f7500cc5e6ec7d659ca8c54.exe
-
Size
705KB
-
MD5
699b4ee5b2ca5887e48214ff1528e25d
-
SHA1
ac35dfe4cdabbb884eabe1c36e990b4fe3edab37
-
SHA256
c9495cc11ac18b285ddfe9c82c76d789a5caa7179f7500cc5e6ec7d659ca8c54
-
SHA512
07afcdc98b6bbfce341a97c871f8c004890def6ca19a169401583ae1afedc5b330a6456a43b80a0a3c1c1b9cc2f7a680beda0a2be979a1bd960a187f420b962f
-
SSDEEP
12288:Do7gHK0cpSDviH6VSx/Q67K4xAgSDGQr0UehDkIb6JjXMjTFg5:ljwQ67K4C9DjrYhD6XoTF
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-