General
-
Target
d1eb3ca7fba3768f873fc91d8f07274c89de6e32fe3ba4db03ecf0bfb9902e00.exe
-
Size
671KB
-
Sample
240430-ccbx1aha78
-
MD5
1f021d4ca98819877db4f77fdeb4d05b
-
SHA1
c9926be218481a8339e99fd6ce71124d7e375d38
-
SHA256
d1eb3ca7fba3768f873fc91d8f07274c89de6e32fe3ba4db03ecf0bfb9902e00
-
SHA512
2c266642b34f1f16d80241583b4e50b2c4c2215368fce4de9ac7396647fa98f940f54ba2949a2a4d85287b909dca105045a37e4297d015cd16ee6e0a10c0c2bb
-
SSDEEP
12288:0oKoh70D0pj2rm/3SeMa58EkI+iFZXsEhNt4izddeqRvdHJY2MorAMuMyE:vh7GyD8EPfFZNnddeUJY2Xug
Static task
static1
Behavioral task
behavioral1
Sample
d1eb3ca7fba3768f873fc91d8f07274c89de6e32fe3ba4db03ecf0bfb9902e00.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
d1eb3ca7fba3768f873fc91d8f07274c89de6e32fe3ba4db03ecf0bfb9902e00.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.indra-precision.co.th - Port:
21 - Username:
[email protected] - Password:
UW8f$y[fBOEs
Extracted
Protocol: ftp- Host:
ftp.indra-precision.co.th - Port:
21 - Username:
[email protected] - Password:
UW8f$y[fBOEs
Targets
-
-
Target
d1eb3ca7fba3768f873fc91d8f07274c89de6e32fe3ba4db03ecf0bfb9902e00.exe
-
Size
671KB
-
MD5
1f021d4ca98819877db4f77fdeb4d05b
-
SHA1
c9926be218481a8339e99fd6ce71124d7e375d38
-
SHA256
d1eb3ca7fba3768f873fc91d8f07274c89de6e32fe3ba4db03ecf0bfb9902e00
-
SHA512
2c266642b34f1f16d80241583b4e50b2c4c2215368fce4de9ac7396647fa98f940f54ba2949a2a4d85287b909dca105045a37e4297d015cd16ee6e0a10c0c2bb
-
SSDEEP
12288:0oKoh70D0pj2rm/3SeMa58EkI+iFZXsEhNt4izddeqRvdHJY2MorAMuMyE:vh7GyD8EPfFZNnddeUJY2Xug
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-