General
- Target: 87c5a2d309ffac0613fcf699301e6180d341ab3ed0f454e65fead4c42224312c.exe
- Size: 2.2MB
- Sample: 240502-b45hysdd9w
- MD5: c12f51bd01e1c930165aec910beafa0a
- SHA1: 08d2abaeb27eb108fa931675e32720ee9240ff0e
- SHA256: 87c5a2d309ffac0613fcf699301e6180d341ab3ed0f454e65fead4c42224312c
- SHA512: 5884be28545d0bf74c24274648ba5f4fb664e715d33164c46631c057695b1b5a028d8afda2105dd9d47084ab840a8924a3666cd6d3ae86dfc0749f7aa28a591b
- SSDEEP: 49152:E9EwF9mSciaRzjJE+fOnVn/kaEVhHBMMchYfT7hL/OT8BCD241VY:uly7RZMhEVoMdf/hL/OTD
Static task: static1
Behavioral task: behavioral1
- Sample: 87c5a2d309ffac0613fcf699301e6180d341ab3ed0f454e65fead4c42224312c.exe
- Resource: win7-20240419-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.sturmsgroup.com
- Port: 587
- Username: [email protected]
- Password: y[/wk46uE}y(|Xn[
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.sturmsgroup.com
- Port: 587
- Username: [email protected]
- Password: y[/wk46uE}y(|Xn[
Targets
- Target: 87c5a2d309ffac0613fcf699301e6180d341ab3ed0f454e65fead4c42224312c.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion.
- Detects executables referencing Windows vault credential objects. Observed in infostealers.
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext