General
-
Target
78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53.exe
-
Size
1.1MB
-
Sample
240426-bpjb6sgh52
-
MD5
254d0303fffb227dde317b5e2bb664ae
-
SHA1
f538ce2f5b72eaf0ecfb4a0b4a8af43436c0fb46
-
SHA256
78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53
-
SHA512
a9ef2d93e73edeac629d4c927c4e439e9e5b5a67e718edc8e638f7a99bb25745335bf633091dfda02ff6df4b21100106d0f48f4e1882e24ed19294c984213203
-
SSDEEP
24576:NAHnh+eWsN3skA4RV1Hom2KXMmHa+Lm1ESsb5:sh+ZkldoPK8Ya+6af
Static task
static1
Behavioral task
behavioral1
Sample
78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cmcapama.top - Port:
587 - Username:
[email protected] - Password:
EVEitDp@^lu~ - Email To:
[email protected]
Targets
-
-
Target
78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53.exe
-
Size
1.1MB
-
MD5
254d0303fffb227dde317b5e2bb664ae
-
SHA1
f538ce2f5b72eaf0ecfb4a0b4a8af43436c0fb46
-
SHA256
78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53
-
SHA512
a9ef2d93e73edeac629d4c927c4e439e9e5b5a67e718edc8e638f7a99bb25745335bf633091dfda02ff6df4b21100106d0f48f4e1882e24ed19294c984213203
-
SSDEEP
24576:NAHnh+eWsN3skA4RV1Hom2KXMmHa+Lm1ESsb5:sh+ZkldoPK8Ya+6af
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-