General
-
Target
a0a0fb07e86f86daca2883b96c5e33752eb4cbd08778bce91c40285efbc4e92f.exe
-
Size
1.1MB
-
Sample
240425-b8mtpsdc8t
-
MD5
a7719f9298c67b4e4ce91b0004d33b8b
-
SHA1
45e89904dfaef5c5abf9f773ff12a24d3b50aca7
-
SHA256
a0a0fb07e86f86daca2883b96c5e33752eb4cbd08778bce91c40285efbc4e92f
-
SHA512
ab908cda8982a961f1c465a857b375193e2e855084b0c3f500ba6775b2bcb1e00f508cb9b4093da2c24d21ffb1e918b532e35f1723f1d5e9abe876ac4ffe026b
-
SSDEEP
24576:DAHnh+eWsN3skA4RV1Hom2KXMmHaz9n6cajbH5:Oh+ZkldoPK8Yaz51aB
Static task
static1
Behavioral task
behavioral1
Sample
a0a0fb07e86f86daca2883b96c5e33752eb4cbd08778bce91c40285efbc4e92f.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a0a0fb07e86f86daca2883b96c5e33752eb4cbd08778bce91c40285efbc4e92f.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cmcapama.top - Port:
587 - Username:
[email protected] - Password:
EVEitDp@^lu~ - Email To:
[email protected]
Targets
-
-
Target
a0a0fb07e86f86daca2883b96c5e33752eb4cbd08778bce91c40285efbc4e92f.exe
-
Size
1.1MB
-
MD5
a7719f9298c67b4e4ce91b0004d33b8b
-
SHA1
45e89904dfaef5c5abf9f773ff12a24d3b50aca7
-
SHA256
a0a0fb07e86f86daca2883b96c5e33752eb4cbd08778bce91c40285efbc4e92f
-
SHA512
ab908cda8982a961f1c465a857b375193e2e855084b0c3f500ba6775b2bcb1e00f508cb9b4093da2c24d21ffb1e918b532e35f1723f1d5e9abe876ac4ffe026b
-
SSDEEP
24576:DAHnh+eWsN3skA4RV1Hom2KXMmHaz9n6cajbH5:Oh+ZkldoPK8Yaz51aB
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-