General
-
Target
89d7f5ebd276fd6f53eacfef8377c6756a4da4c964da2bb51e059d5f04001b2c.exe
-
Size
1.1MB
-
Sample
240425-b5mpjada76
-
MD5
29f5c71635b9edb6929e77b5f5462136
-
SHA1
6daa3b1f5cc828e4ab95d2ebb48e11d9e7791cf0
-
SHA256
89d7f5ebd276fd6f53eacfef8377c6756a4da4c964da2bb51e059d5f04001b2c
-
SHA512
1f82360b411e0599144a3c8e91b6ed0fee66ff87f1e72133f067cdae7057e504b5f491b8f465a84b188a399fbc4d90835235034680f31534808f36b4f2026f10
-
SSDEEP
24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaAe5iwefqWkVri5:5h+ZkldoPK8YaAeghirM
Static task
static1
Behavioral task
behavioral1
Sample
89d7f5ebd276fd6f53eacfef8377c6756a4da4c964da2bb51e059d5f04001b2c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
89d7f5ebd276fd6f53eacfef8377c6756a4da4c964da2bb51e059d5f04001b2c.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cmcapama.top - Port:
587 - Username:
[email protected] - Password:
EVEitDp@^lu~ - Email To:
[email protected]
Targets
-
-
Target
89d7f5ebd276fd6f53eacfef8377c6756a4da4c964da2bb51e059d5f04001b2c.exe
-
Size
1.1MB
-
MD5
29f5c71635b9edb6929e77b5f5462136
-
SHA1
6daa3b1f5cc828e4ab95d2ebb48e11d9e7791cf0
-
SHA256
89d7f5ebd276fd6f53eacfef8377c6756a4da4c964da2bb51e059d5f04001b2c
-
SHA512
1f82360b411e0599144a3c8e91b6ed0fee66ff87f1e72133f067cdae7057e504b5f491b8f465a84b188a399fbc4d90835235034680f31534808f36b4f2026f10
-
SSDEEP
24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaAe5iwefqWkVri5:5h+ZkldoPK8YaAeghirM
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-