General

  • Target

    27fd2ef620c481f51dfa374bcc896396f2afcf809f1d5733c49aa1dbd59989d7.exe

  • Size

    848KB

  • Sample

    240604-bhgj1afg9x

  • MD5

    46d052c9934c3bf5c16b4f29facded43

  • SHA1

    31a0726815b320ebb59db1b1e0f4aa541dcfbfed

  • SHA256

    27fd2ef620c481f51dfa374bcc896396f2afcf809f1d5733c49aa1dbd59989d7

  • SHA512

    eea4684835d17b3b96bdaec717544d240dedd4f228bdd6203ffee971123f79953101ac7355454ea70e963595e9fe6507946bcaea7a4f95e041821d69cc1782df

  • SSDEEP

    24576:nMYeLvZN5iMfD76DDnDqLqKsvyWzoUFX:nMYeFN5iMLG3YZAyWkmX

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect packed .NET executables. Mostly AgentTeslaV4.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables referencing Windows vault credential objects. Observed in information stealers.

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.

    • Detects executables referencing many email and collaboration clients. Observed in information stealers.

    • Detects executables referencing many file transfer clients. Observed in information stealers.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks