General
-
Target
3c54f1e2d58d392a6bcd2e6c836d1479888e3c334b8e6f5511a65bc1506681fb.exe
-
Size
988KB
-
Sample
240427-bpyf4afh87
-
MD5
4e62c4b92779d99998cd908a0966bf7d
-
SHA1
e02dc74baae821c91f12c890db595f9b08db418c
-
SHA256
3c54f1e2d58d392a6bcd2e6c836d1479888e3c334b8e6f5511a65bc1506681fb
-
SHA512
b563249ab296c423529877328c34e90d8437247d4e43c6122eb9c9732af33008ccff6b820fca91c1620a7039744964cfd9114d9430bc81444df07682306a0d3c
-
SSDEEP
24576:4wj9VEAwjUNroBr4eL7Wvmnn30lasPZTJOsdKknLimo/agStPTn:VE4NUBrd7xn30lXPZTx7Gj5Gb
Static task
static1
Behavioral task
behavioral1
Sample
3c54f1e2d58d392a6bcd2e6c836d1479888e3c334b8e6f5511a65bc1506681fb.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
3c54f1e2d58d392a6bcd2e6c836d1479888e3c334b8e6f5511a65bc1506681fb.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7017233680:AAEfWTUjfiK5hxLLRkmgitv57SQZuFap4nQ/
Targets
-
-
Target
3c54f1e2d58d392a6bcd2e6c836d1479888e3c334b8e6f5511a65bc1506681fb.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with or using KoiVM
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-