General

  • Target

    dcbaa14accda4e8c595337d5002143323d890504fce3e0f81d4cada130f2a693

  • Size

    264KB

  • MD5

    bcd5fbe19572b3fb8a69aded2988c803

  • SHA1

    eaefedd6c796b86587f5b55a8dfd2accd162bc4e

  • SHA256

    dcbaa14accda4e8c595337d5002143323d890504fce3e0f81d4cada130f2a693

  • SHA512

    2b3abc054dad41a2b90b7259642d0e065d1d8bfae9477556616bb819fe34365109f2d5ecbdcd6f3882bd5db5af0c561a2c47374e19282d30be70e9d95e38dae8

  • SSDEEP

    3072:0qKpQb1htB1Tpeaqm86z4k8geoG0MsvPb30+n5Lht+r7E:eQb1htB1lef6YNbsnb3jLtM

Score
10/10

Malware Config

Signatures

  • Agenttesla family
  • Detect packed .NET executables. Mostly AgentTeslaV4. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs
  • Detects executables referencing Windows vault credential objects. Observed in infostealers 1 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
  • Detects executables referencing many email and collaboration clients. Observed in information stealers 1 IoCs
  • Detects executables referencing many file transfer clients. Observed in information stealers 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • dcbaa14accda4e8c595337d5002143323d890504fce3e0f81d4cada130f2a693
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections