General
-
Target
1115e56ad66e65c4934967fc18da11d5caceb4e96cc9567366764c93d47beeb7.exe
-
Size
1012KB
-
Sample
240523-bgmdvsga95
-
MD5
4b772cc6a4b591eff3de738e5cc5aca5
-
SHA1
38f2aa48812118afc7631b2cf898832621228554
-
SHA256
1115e56ad66e65c4934967fc18da11d5caceb4e96cc9567366764c93d47beeb7
-
SHA512
d75726768d22087d93e003e9f526c7d96c96f443e4db13726efdecd366278c8982ea8527899b58a072e59033567718ef24bd46dc002ffb1db11e02e1d6fcaf85
-
SSDEEP
24576:sAHnh+eWsN3skA4RV1Hom2KXMmHazxjVHGLkdjd6pa5:Lh+ZkldoPK8YazxRHG0B
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.worlorderbillions.top - Port:
587 - Username:
[email protected] - Password:
vqpF.#;cCodu - Email To:
[email protected]
Targets
-
-
Target
1115e56ad66e65c4934967fc18da11d5caceb4e96cc9567366764c93d47beeb7.exe
-
Size
1012KB
-
MD5
4b772cc6a4b591eff3de738e5cc5aca5
-
SHA1
38f2aa48812118afc7631b2cf898832621228554
-
SHA256
1115e56ad66e65c4934967fc18da11d5caceb4e96cc9567366764c93d47beeb7
-
SHA512
d75726768d22087d93e003e9f526c7d96c96f443e4db13726efdecd366278c8982ea8527899b58a072e59033567718ef24bd46dc002ffb1db11e02e1d6fcaf85
-
SSDEEP
24576:sAHnh+eWsN3skA4RV1Hom2KXMmHazxjVHGLkdjd6pa5:Lh+ZkldoPK8YazxRHG0B
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-