General
-
Target
3d18d539bce573477ec1562c88686d43dbdfe29c4556946af482c3e5aa2e9e75.exe
-
Size
917KB
-
Sample
240524-bkfeqafg3z
-
MD5
a362350a60490b6010c41ffe84f78ce6
-
SHA1
a24ade8b3223cfcce28218b812735341852ef15b
-
SHA256
3d18d539bce573477ec1562c88686d43dbdfe29c4556946af482c3e5aa2e9e75
-
SHA512
5297e4fb3d52862ac979bbf6d504fcdffb84b2a3457356ba8c2ac97064ef36f03906c00c78c94cf820f097d5f400ad6a56607bd75331a0311374e8c9e898cd56
-
SSDEEP
12288:c/ZitHOWilim4McpWg0CA3tSwXUVlWXQw0:SZiBOWib4vpWgUlXdf
Static task
static1
Behavioral task
behavioral1
Sample
3d18d539bce573477ec1562c88686d43dbdfe29c4556946af482c3e5aa2e9e75.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
3d18d539bce573477ec1562c88686d43dbdfe29c4556946af482c3e5aa2e9e75.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ipr-co.org
Port: 587
Username: [email protected]
Password: IPRco@100102@
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.ipr-co.org
Port: 587
Username: [email protected]
Password: IPRco@100102@
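The extracted config gives the exfiltration channel directly: SMTP submission to mail.ipr-co.org on port 587. The following is an added example (not part of the sandbox report) that turns those values into a detection over network connection logs: any connection to the configured host is flagged, and as a broader heuristic any port-587 connection from a process that is not a known mail client is flagged too. The log records are constructed in a Sysmon Event ID 3 shape (pipe-separated), the IP addresses are TEST-NET placeholders rather than real resolutions of the host, and the process names and the mail-client allowlist are assumptions.

```python
"""Convert the extracted AgentTesla SMTP config into IOCs and scan network
connection logs for exfiltration to the configured mail server.

Added example, not part of the sandbox report. SAMPLE_LOG is constructed
(Sysmon Event ID 3 fields: time | image | dst_host | dst_ip | dst_port);
the IPs are TEST-NET placeholders, not real resolutions of the host.
"""
from dataclasses import dataclass

# Values as shown in the extracted config above.
EXFIL = {"protocol": "smtp", "host": "mail.ipr-co.org", "port": 587}

# Processes expected to speak SMTP submission on a workstation (assumption).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed records; the last line is deliberately malformed.
SAMPLE_LOG = """\
2024-05-24T01:02:03Z|C:\\Windows\\System32\\svchost.exe|mail.ipr-co.org|198.51.100.10|587
2024-05-24T01:02:05Z|C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE|smtp.office365.com|198.51.100.20|587
2024-05-24T01:02:09Z|C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe|mail.ipr-co.org|198.51.100.10|587
2024-05-24T01:02:10Z|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|smtp.gmail.com|198.51.100.40|587
2024-05-24T01:02:11Z|C:\\Windows\\explorer.exe|update.example.net|198.51.100.30|443
this line is not a valid record
"""


@dataclass
class Hit:
    time: str
    image: str
    dst_host: str
    dst_port: int
    reason: str


def parse_line(line):
    """Split one pipe-separated record; return None for blank or malformed lines."""
    parts = line.strip().split("|")
    if len(parts) != 5:
        return None
    time, image, dst_host, dst_ip, dst_port = parts
    try:
        port = int(dst_port)
    except ValueError:
        return None
    return {"time": time, "image": image, "dst_host": dst_host.lower(),
            "dst_ip": dst_ip, "dst_port": port}


def scan(log_text, config=EXFIL, mail_clients=MAIL_CLIENTS):
    """Return a Hit for every record that matches the exfil host, or that
    uses the configured SMTP port from a process that is not a mail client."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        exe = rec["image"].rsplit("\\", 1)[-1].lower()
        if rec["dst_host"] == config["host"].lower():
            hits.append(Hit(rec["time"], rec["image"], rec["dst_host"], rec["dst_port"],
                            "destination matches AgentTesla exfil host"))
        elif rec["dst_port"] == config["port"] and exe not in mail_clients:
            hits.append(Hit(rec["time"], rec["image"], rec["dst_host"], rec["dst_port"],
                            "SMTP submission port from a non-mail-client process"))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h.time} {h.image} -> {h.dst_host}:{h.dst_port}  [{h.reason}]")
```

The host match is the high-confidence indicator; the port-587 heuristic is noisier and is there to catch the same family after the operator rotates mail servers. The SMTP username and password in the config belong to the attacker's mailbox: record them as IOCs and search for them in other samples, but do not authenticate with them.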
Targets
-
Target
3d18d539bce573477ec1562c88686d43dbdfe29c4556946af482c3e5aa2e9e75.exe
-
Size
917KB
-
MD5
a362350a60490b6010c41ffe84f78ce6
-
SHA1
a24ade8b3223cfcce28218b812735341852ef15b
-
SHA256
3d18d539bce573477ec1562c88686d43dbdfe29c4556946af482c3e5aa2e9e75
-
SHA512
5297e4fb3d52862ac979bbf6d504fcdffb84b2a3457356ba8c2ac97064ef36f03906c00c78c94cf820f097d5f400ad6a56607bd75331a0311374e8c9e898cd56
-
SSDEEP
12288:c/ZitHOWilim4McpWg0CA3tSwXUVlWXQw0:SZiBOWib4vpWgUlXdf
Score 10/10
-
AgentTesla
Agent Tesla is a .NET-based (VB.NET/C#) information stealer and keylogger, commonly classified as a remote access tool (RAT). It harvests credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; this sample uses SMTP, as the extracted config shows.
-
Detects packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in information stealers.
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers.
-
Detects executables referencing many file transfer clients. Observed in information stealers.
-
Suspicious use of SetThreadContext. In a .NET loader this usually indicates process hollowing (RunPE): a legitimate process is created suspended, its image is overwritten with the decrypted payload, and SetThreadContext followed by ResumeThread redirects the primary thread into the injected code.
-
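The SetThreadContext signature above is a single API hit; what makes it suspicious is the sequence it sits in. The following added example (not part of the sandbox report) implements that sequence check over a per-process API trace: a target process created with CREATE_SUSPENDED, memory written into it, SetThreadContext on its primary thread, then ResumeThread. The trace is constructed, the field names are assumptions about how a sandbox might log calls, and handles are represented by the target PID/TID to keep the example readable; the RegSvcs.exe target is a typical hollowing host chosen for illustration, not something the report states about this sample.

```python
"""Flag the CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory ->
SetThreadContext -> ResumeThread sequence behind the "Suspicious use of
SetThreadContext" signature (process hollowing / RunPE).

Added example, not part of the sandbox report. TRACE is constructed; argument
names are assumptions, and handle values are written as the PID/TID they refer to.
"""
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004

# Constructed trace: (source_pid, api, args)
TRACE = [
    (1000, "CreateProcessW", {"lpApplicationName": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe",
                              "dwCreationFlags": CREATE_SUSPENDED, "dwProcessId": 2000, "dwThreadId": 2001}),
    (1000, "NtUnmapViewOfSection", {"ProcessHandle": 2000}),
    (1000, "VirtualAllocEx", {"hProcess": 2000, "lpAddress": 0x400000, "dwSize": 0x2A000}),
    (1000, "WriteProcessMemory", {"hProcess": 2000, "lpBaseAddress": 0x400000, "nSize": 0x400}),
    (1000, "WriteProcessMemory", {"hProcess": 2000, "lpBaseAddress": 0x401000, "nSize": 0x29000}),
    (1000, "SetThreadContext", {"hThread": 2001}),
    (1000, "ResumeThread", {"hThread": 2001}),
    # Benign-looking use (e.g. a debugger): SetThreadContext on a thread the
    # caller did not create suspended and never wrote into. Must not be flagged.
    (3000, "OpenThread", {"dwThreadId": 3001}),
    (3000, "SetThreadContext", {"hThread": 3001}),
    # Suspended create followed by a plain resume, with no write: also benign.
    (4000, "CreateProcessW", {"lpApplicationName": "C:\\Windows\\System32\\cmd.exe",
                              "dwCreationFlags": CREATE_SUSPENDED, "dwProcessId": 5000, "dwThreadId": 5001}),
    (4000, "ResumeThread", {"hThread": 5001}),
]


@dataclass
class Finding:
    source_pid: int
    target_pid: int
    thread_id: int
    image: str
    stages: list = field(default_factory=list)


def detect_hollowing(trace):
    """Return one Finding per target process that went through the full
    suspended-create / write / SetThreadContext / ResumeThread sequence, in order."""
    targets = {}        # target_pid -> Finding (candidate)
    thread_to_pid = {}  # primary thread id -> target_pid
    findings = []
    for src_pid, api, args in trace:
        if api in ("CreateProcessW", "CreateProcessA") and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            cand = Finding(src_pid, args["dwProcessId"], args["dwThreadId"],
                           args.get("lpApplicationName", "?"), ["CreateProcess(CREATE_SUSPENDED)"])
            targets[cand.target_pid] = cand
            thread_to_pid[cand.thread_id] = cand.target_pid
        elif api == "WriteProcessMemory":
            cand = targets.get(args.get("hProcess"))
            if cand and "WriteProcessMemory" not in cand.stages:
                cand.stages.append("WriteProcessMemory")
        elif api == "SetThreadContext":
            cand = targets.get(thread_to_pid.get(args.get("hThread")))
            # Only meaningful once the target's memory has been overwritten.
            if cand and "WriteProcessMemory" in cand.stages and "SetThreadContext" not in cand.stages:
                cand.stages.append("SetThreadContext")
        elif api == "ResumeThread":
            cand = targets.get(thread_to_pid.get(args.get("hThread")))
            if cand and cand.stages[-1] == "SetThreadContext":
                cand.stages.append("ResumeThread")
                findings.append(cand)
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(TRACE):
        print(f"pid {f.source_pid} hollowed pid {f.target_pid} ({f.image}): {' -> '.join(f.stages)}")
```

Requiring the write before SetThreadContext and the resume immediately after it is what keeps debuggers and ordinary suspended launches out of the results; a real implementation would resolve handles through the trace's handle table instead of the PID/TID shorthand used here.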