General
Target: 53c30e1c286111c4905f6b29f0afb1bf13502396e0bf16dfdd855ba50503035f.exe
Size: 652KB
Sample: 240430-bq1b3sgf2y
MD5: 998c2370279a1b790a862e310ebd0ef7
SHA1: ca3ce7e3e72e30834c85c053e95a6e900208fde4
SHA256: 53c30e1c286111c4905f6b29f0afb1bf13502396e0bf16dfdd855ba50503035f
SHA512: 6dae6952c049942dab052efc495cdb368bd6aa7e36af6e7eba6164597614863aff0ffc2f72a62bb83027edc326195962f268425c19eb9b2a491172dcc84fa3e1
SSDEEP: 12288:Cr4OHp3Cte/1oQ5M4F6I7sEF+zZn9O+UC1eS8DMZBzQQB7fQn2cWjoI:28tEqIN0n9O+2S88hpfQnrA
Static task: static1
Behavioral task: behavioral1
Sample: 53c30e1c286111c4905f6b29f0afb1bf13502396e0bf16dfdd855ba50503035f.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 53c30e1c286111c4905f6b29f0afb1bf13502396e0bf16dfdd855ba50503035f.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.indra-precision.co.th
Port: 21
Username: [email protected]
Password: UW8f$y[fBOEs
Targets
Target: 53c30e1c286111c4905f6b29f0afb1bf13502396e0bf16dfdd855ba50503035f.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-