General
-
Target
ea9deb59fc6309ddda6806eb4f7ce780eb54f1b0b7eca72b366bc8f110c5222a.exe
-
Size
1.1MB
-
Sample
240427-b3xfyshc8s
-
MD5
baf61e5dbe33cf47ad6ddc4076a07af9
-
SHA1
1fc141512c6a2a4715fd533d0adc1d8ce3c7842f
-
SHA256
ea9deb59fc6309ddda6806eb4f7ce780eb54f1b0b7eca72b366bc8f110c5222a
-
SHA512
2463f0c87870b5ddac391dcb88209cef983db246447fe1844c303d0d33c0eb1d3f70f9a7895b4fea00690862b268a36cfd69f19c18478d96c57afdf0fe11e59f
-
SSDEEP
24576:+AHnh+eWsN3skA4RV1Hom2KXMmHa39eGsaq4QzOZIRE5:ph+ZkldoPK8Ya3QGa4Q+IY
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bezelety.top - Port:
587 - Username:
[email protected] - Password:
KV?y1$dqdUzV - Email To:
[email protected]
Targets
-
-
Target
ea9deb59fc6309ddda6806eb4f7ce780eb54f1b0b7eca72b366bc8f110c5222a.exe
-
Size
1.1MB
-
MD5
baf61e5dbe33cf47ad6ddc4076a07af9
-
SHA1
1fc141512c6a2a4715fd533d0adc1d8ce3c7842f
-
SHA256
ea9deb59fc6309ddda6806eb4f7ce780eb54f1b0b7eca72b366bc8f110c5222a
-
SHA512
2463f0c87870b5ddac391dcb88209cef983db246447fe1844c303d0d33c0eb1d3f70f9a7895b4fea00690862b268a36cfd69f19c18478d96c57afdf0fe11e59f
-
SSDEEP
24576:+AHnh+eWsN3skA4RV1Hom2KXMmHa39eGsaq4QzOZIRE5:ph+ZkldoPK8Ya3QGa4Q+IY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-