General
-
Target
a11d36f9f4b69fd1e6c13584455e6270fd906530ad6e034d67927c16cbc76586.exe
-
Size
984KB
-
Sample
240425-b8q65adc8w
-
MD5
81a9abf49104df646db709f0365f8eeb
-
SHA1
fc69c4c2b1b74b7a9773f1824eb0cce589bdd673
-
SHA256
a11d36f9f4b69fd1e6c13584455e6270fd906530ad6e034d67927c16cbc76586
-
SHA512
c802671a311272799431db1ce2a20967919b2b3e0eb3b8a0a691fa181df831b98d9c77093c729eed8c0f009607e7d217dfb9e5da5284bef5f8e44b5c87054014
-
SSDEEP
24576:T0Qxs8dZ3vopZJpw7zJqt7+0fDhFh3EP/gJDWo7WlJhHJx:Tw83qjpGJqd+07hFyYJyeqbX
Static task
static1
Behavioral task
behavioral1
Sample
a11d36f9f4b69fd1e6c13584455e6270fd906530ad6e034d67927c16cbc76586.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a11d36f9f4b69fd1e6c13584455e6270fd906530ad6e034d67927c16cbc76586.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.hatiplertekstil.com - Port:
587 - Username:
[email protected] - Password:
htpl102030 - Email To:
[email protected]
Targets
-
-
Target
a11d36f9f4b69fd1e6c13584455e6270fd906530ad6e034d67927c16cbc76586.exe
-
Size
984KB
-
MD5
81a9abf49104df646db709f0365f8eeb
-
SHA1
fc69c4c2b1b74b7a9773f1824eb0cce589bdd673
-
SHA256
a11d36f9f4b69fd1e6c13584455e6270fd906530ad6e034d67927c16cbc76586
-
SHA512
c802671a311272799431db1ce2a20967919b2b3e0eb3b8a0a691fa181df831b98d9c77093c729eed8c0f009607e7d217dfb9e5da5284bef5f8e44b5c87054014
-
SSDEEP
24576:T0Qxs8dZ3vopZJpw7zJqt7+0fDhFh3EP/gJDWo7WlJhHJx:Tw83qjpGJqd+07hFyYJyeqbX
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with or use KoiVM
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-