General
-
Target
9454d10a57b4026bb1b1c6d054349605e3c728c5ae24549b464dd5af84246e9f.zip
-
Size
622KB
-
Sample
240427-bxa1rsgb94
-
MD5
ea164330ba06fd9e4f5f71d5b5469d58
-
SHA1
e2be1b8b965ae4d433648540e20ad9daf8a97db6
-
SHA256
9454d10a57b4026bb1b1c6d054349605e3c728c5ae24549b464dd5af84246e9f
-
SHA512
2a92d858ddfcc6fcac335976b075e0fa94459ff934a845d03549748fa377b340fcd6b921aa269f65517777f903b60700724e50cd017c70bd095008b8a3d9f7ba
-
SSDEEP
12288:xyX/175ppnfwH7dWqz9vqUuv1W4N+u3qFeIV5whSDeOq4jnWrKoHHYCzOZDJi:SNwHhWSpqUOvX3hIYhAeOq8q4CzOZli
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bezelety.top - Port:
587 - Username:
[email protected] - Password:
KV?y1$dqdUzV - Email To:
[email protected]
Targets
-
-
Target
Purchase Confirmation 003-23 170204/Purchase Confirmation 003-23 170204.exe
-
Size
1.1MB
-
MD5
baf61e5dbe33cf47ad6ddc4076a07af9
-
SHA1
1fc141512c6a2a4715fd533d0adc1d8ce3c7842f
-
SHA256
ea9deb59fc6309ddda6806eb4f7ce780eb54f1b0b7eca72b366bc8f110c5222a
-
SHA512
2463f0c87870b5ddac391dcb88209cef983db246447fe1844c303d0d33c0eb1d3f70f9a7895b4fea00690862b268a36cfd69f19c18478d96c57afdf0fe11e59f
-
SSDEEP
24576:+AHnh+eWsN3skA4RV1Hom2KXMmHa39eGsaq4QzOZIRE5:ph+ZkldoPK8Ya3QGa4Q+IY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-