General

  • Target

    add0d680c45f1c8241ca9eb8f5997d5540f00a37a7522135e0675b1332335ec9.exe

  • Size

    238KB

  • MD5

    b6a505583abf47aca04e614aab181c15

  • SHA1

    2a51b0ccc10629a167c8efd1613eabe149a03d50

  • SHA256

    add0d680c45f1c8241ca9eb8f5997d5540f00a37a7522135e0675b1332335ec9

  • SHA512

    f32b038cfaf5f8469ee889e8c39f9a99e5971c4053c8053a976ed93d4d4167081473c6d24d8d596c0e7b30050536bd88b736edd8b326657629336062c296e5f4

  • SSDEEP

    3072:yZl2e7GdwPfnnP8LkdxJGVHWeZXLDmdeEUMk5iJGeq5Wy5NmxgA:yZl2TdwPfnnPjdxJGV2eZH4U9uGee5E

Score
10/10

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

  • Agenttesla family
  • Detect packed .NET executables. Mostly AgentTeslaV4. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs
  • Detects executables referencing Windows vault credential objects. Observed in infostealers 1 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
  • Detects executables referencing many email and collaboration clients. Observed in information stealers 1 IoCs
  • Detects executables referencing many file transfer clients. Observed in information stealers 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • add0d680c45f1c8241ca9eb8f5997d5540f00a37a7522135e0675b1332335ec9.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections