General
-
Target
edce34e1a1a9923d4fd0926c9bfe8d4e9bc3b6b26776fbaee683a6c2286bb4e9.lzh
-
Size
663KB
-
Sample
240424-cf82xaeb49
-
MD5
eccad3e996e1e5b349d2d2625b41d42c
-
SHA1
3f330b0ef5d60cbce8171f920c81c0841f28d7ec
-
SHA256
edce34e1a1a9923d4fd0926c9bfe8d4e9bc3b6b26776fbaee683a6c2286bb4e9
-
SHA512
798248cbc468648496f746520e43d68ad21a5de69598cf12dee16d86db5ca59fb7da58b8c259ce337ec9b8be5de33ba67f4cdcc698cd7ab23bbec42bc6e32369
-
SSDEEP
12288:DvpO3d0EfAZaTdqoczQk1wyuwZ6ei/fp+PmizcCpHR/2lMxZ2ZmI7:DhONfAZc6RWw6++izjReWxZ2h
Static task
static1
Behavioral task
behavioral1
Sample
HS202410407 Elemento de proyecto MSMU5083745/HS202410407 Elemento de proyecto MSMU5083745.pdf.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
HS202410407 Elemento de proyecto MSMU5083745/HS202410407 Elemento de proyecto MSMU5083745.pdf.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7099320956:AAEbKuoPa3eGpVw59XdjZSpakl0EQvO5p9g/
Targets
-
Target
HS202410407 Elemento de proyecto MSMU5083745/HS202410407 Elemento de proyecto MSMU5083745.pdf.exe
-
Size
300.0MB
-
MD5
ae691d82b099a7d1c9851c4fc30a0d7c
-
SHA1
e208fc697d549bcbf2f8d68fa7eac36b4f3de793
-
SHA256
c85752ca63d9ce92c459af05db545ed8c611622cbf273a4fec9c47bea1da5cca
-
SHA512
739fd1b478acbe1c972908f61da5b9472c436dd9c8b96ec72ef86fda5b871bba4c0949d35e1ed73373f2c47b94b00d7a4c4de0f0e0cbe7e9b1f14dfae1f48af9
-
SSDEEP
12288:WUnhF9WMn7VKqyX2F+2SrFJAaX6m5CVMfbgSaBLQqdydwh65IjHIk58SfFjr3x2Z:WUh2Mn7yXx57PfUlBLbd+wulS9jzIZ
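Added example, not part of the sandbox report or the analyzed sample: a small Python triage helper that turns the fields above into findings an analyst can act on, namely the double extension of the dropped file (".pdf.exe"), its 300.0MB size, and the Telegram Bot API URL extracted from the AgentTesla config. The sample bytes are not available here, so the metadata is constructed inline from the report; the extension lists and the 100MB size threshold are assumptions of this example.

```python
import re

# Constructed from the report fields above (the sample bytes themselves are not
# available here, so only the metadata is used).
SAMPLE = {
    "path": "HS202410407 Elemento de proyecto MSMU5083745/"
            "HS202410407 Elemento de proyecto MSMU5083745.pdf.exe",
    "size_bytes": 300 * 1024 * 1024,  # reported as 300.0MB
    "config_urls": [
        "https://api.telegram.org/bot7099320956:AAEbKuoPa3eGpVw59XdjZSpakl0EQvO5p9g/",
    ],
}

# Assumed extension lists for the double-extension check; extend to taste.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}

# Telegram Bot API base URL shape: /bot<bot_id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]{30,})(?:/|$)", re.I
)


def double_extension_lure(path):
    """Return (document_ext, executable_ext) for names like x.pdf.exe, else None."""
    name = path.rsplit("/", 1)[-1]
    parts = name.lower().split(".")
    if len(parts) < 3:
        return None
    doc_ext, exec_ext = parts[-2], parts[-1]
    if exec_ext in EXECUTABLE_EXTS and doc_ext in DOCUMENT_EXTS:
        return doc_ext, exec_ext
    return None


def inflated_binary(size_bytes, threshold_bytes=100 * 1024 * 1024):
    """True when the file is padded far beyond what a .NET stealer needs.

    Oversized binaries are a known trick to stay above sandbox/AV upload limits.
    The 100MB threshold is an assumption for this example, not from the report.
    """
    return size_bytes >= threshold_bytes


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into the pieces a defender reports or blocks."""
    m = TELEGRAM_BOT_RE.match(url)
    if not m:
        return None
    bot_id, secret = m.group(1), m.group(2)
    return {
        "bot_id": bot_id,
        "token": f"{bot_id}:{secret}",                      # full token: case file only
        "token_masked": f"{bot_id}:{secret[:4]}...{secret[-4:]}",  # safe for reports
        "defanged": url.replace("https://", "hxxps://", 1)
                       .replace("api.telegram.org", "api[.]telegram[.]org"),
    }


def triage(sample):
    """Collect (tag, detail) findings from the report metadata."""
    findings = []
    lure = double_extension_lure(sample["path"])
    if lure:
        findings.append(("double_extension", f"masquerades as .{lure[0]}, runs as .{lure[1]}"))
    if inflated_binary(sample["size_bytes"]):
        findings.append(("inflated_size", f"{sample['size_bytes'] // (1024 * 1024)} MB executable"))
    for url in sample.get("config_urls", []):
        c2 = parse_telegram_c2(url)
        if c2:
            findings.append(("telegram_exfil", f"bot {c2['bot_id']} via {c2['defanged']}"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE):
        print(f"[{tag}] {detail}")
```

Run directly, it prints the three findings for this sample. The bot id and the defanged URL are what goes into a shared report and proxy blocklist; the full bot token is itself an indicator and stays in the case file, since anyone holding it can read the bot's traffic.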
Score 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-