General
-
Target
1429363a609282393015df73bb88aea33d19637a0abb82982d1050e56e1b4481.exe
-
Size
997KB
-
Sample
240430-bfy19sgb3s
-
MD5
c72150696ac13ac1a2dc8b492c0d5ca3
-
SHA1
ff72cd015ebfe11c15f331122103fb78c5ad118c
-
SHA256
1429363a609282393015df73bb88aea33d19637a0abb82982d1050e56e1b4481
-
SHA512
505dd2c31c2f4e08330239d1a7c4357df8fd1c8aa66a50b5a4e91162b7c800caefb56eef69aa6c66955382a91fcb2997f269eaf280826e647a9491a2f9741c1f
-
SSDEEP
24576:gsP3GbkmtYXd/f9j91ir4hpKyO7YL3qiA8b2ab6WzXQ9DwYE:gf2Xrj9Qru/kaqFabBQ9sb
Static task
static1
Behavioral task
behavioral1
Sample
1429363a609282393015df73bb88aea33d19637a0abb82982d1050e56e1b4481.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1429363a609282393015df73bb88aea33d19637a0abb82982d1050e56e1b4481.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7017233680:AAEfWTUjfiK5hxLLRkmgitv57SQZuFap4nQ/
Targets
-
-
Target
1429363a609282393015df73bb88aea33d19637a0abb82982d1050e56e1b4481.exe
-
Size
997KB
-
MD5
c72150696ac13ac1a2dc8b492c0d5ca3
-
SHA1
ff72cd015ebfe11c15f331122103fb78c5ad118c
-
SHA256
1429363a609282393015df73bb88aea33d19637a0abb82982d1050e56e1b4481
-
SHA512
505dd2c31c2f4e08330239d1a7c4357df8fd1c8aa66a50b5a4e91162b7c800caefb56eef69aa6c66955382a91fcb2997f269eaf280826e647a9491a2f9741c1f
-
SSDEEP
24576:gsP3GbkmtYXd/f9j91ir4hpKyO7YL3qiA8b2ab6WzXQ9DwYE:gf2Xrj9Qru/kaqFabBQ9sb
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with or use KoiVM
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-