Overview

overview

10

Static

static

10

c9321c746f...65.exe

windows7-x64

10

c9321c746f...65.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9321c746f6ba80bdec0e6aaf47ed766ad51d1cf936b8197ea3157daa2b96765.exe

  • Size

    248KB

  • MD5

    297e6b504ce56e744ea09d9a38254c3a

  • SHA1

    7fb8cc35f6e7fc212d1fce6e3798e9c931b5e333

  • SHA256

    c9321c746f6ba80bdec0e6aaf47ed766ad51d1cf936b8197ea3157daa2b96765

  • SHA512

    826694b9e115a24b6d39610eda85b962644e7a9d7f3278342937c4496b1918595f4c20fbdd41fc9a7886ac76dfbc9e029a03f1f75f7b884cb2674e5cf0da728a

  • SSDEEP

    3072:WxQF5FZdJkDcHI5svKbWBQdOZKFoNTI5WqklH1R2OZXT:BF5FZdJmcHI5mKbWnK25zBH1I

Score
10/10
agenttesla

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7043784271:AAGVUDFHNrC5zVNnWh7T89GB2XXSmjThkvs/

Signatures

  • Agenttesla family
    agenttesla
  • Detect packed .NET executables. Mostly AgentTeslaV4. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs
  • Detects executables referencing Windows vault credential objects. Observed in infostealers 1 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
  • Detects executables referencing many email and collaboration clients. Observed in information stealers 1 IoCs
  • Detects executables referencing many file transfer clients. Observed in information stealers 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • c9321c746f6ba80bdec0e6aaf47ed766ad51d1cf936b8197ea3157daa2b96765.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections