General
-
Target
3ad7f415aff8f3efddcb3cd80e3755859751565d76df5b15f26c3c243b5330c7.exe
-
Size
1.2MB
-
Sample
240519-bl6y3aae5w
-
MD5
db8d5c5808856045722588e5c2e589fb
-
SHA1
c5fade4ffc8746ec2837208d101fbfaa194d8de3
-
SHA256
3ad7f415aff8f3efddcb3cd80e3755859751565d76df5b15f26c3c243b5330c7
-
SHA512
3a1abee218ddb1686af0610e145c5d12ec8c04abf18619574a262d587ea7ac2b685b61175155375384a429e1653c3b4d409883b4f06810cde963494cd254e97b
-
SSDEEP
24576:gAHnh+eWsN3skA4RV1Hom2KXMmHapqnbHOhllWwmmwiibl5:Xh+ZkldoPK8YapqbHOrmtiiT
Static task
static1
Behavioral task
behavioral1
Sample
3ad7f415aff8f3efddcb3cd80e3755859751565d76df5b15f26c3c243b5330c7.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
3ad7f415aff8f3efddcb3cd80e3755859751565d76df5b15f26c3c243b5330c7.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
3ad7f415aff8f3efddcb3cd80e3755859751565d76df5b15f26c3c243b5330c7.exe
-
Size
1.2MB
-
MD5
db8d5c5808856045722588e5c2e589fb
-
SHA1
c5fade4ffc8746ec2837208d101fbfaa194d8de3
-
SHA256
3ad7f415aff8f3efddcb3cd80e3755859751565d76df5b15f26c3c243b5330c7
-
SHA512
3a1abee218ddb1686af0610e145c5d12ec8c04abf18619574a262d587ea7ac2b685b61175155375384a429e1653c3b4d409883b4f06810cde963494cd254e97b
-
SSDEEP
24576:gAHnh+eWsN3skA4RV1Hom2KXMmHapqnbHOhllWwmmwiibl5:Xh+ZkldoPK8YapqbHOrmtiiT
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-