General
-
Target
390b2151f97ed90201b625b089bee042304fe998171e2d9452135eecf416b17a.exe
-
Size
704KB
-
Sample
240607-bxgtbafc6s
-
MD5
355afaeb273ff043eb0c9255d372c134
-
SHA1
1657f3dca4b07257e5c0b0e0293ea55692637963
-
SHA256
390b2151f97ed90201b625b089bee042304fe998171e2d9452135eecf416b17a
-
SHA512
4d7c724f0079937568b5f2f7963d8e1e42cc4b9f9808caf8c316a9d09dbfd20b570042079f8af3a2333c602d7ec71e05603165cc1a64627e3fceb1bc78887ae1
-
SSDEEP
12288:bT3qyJM+LUGz4liP9QUOp+8r0G1xFozK3hZIvWJOmuLpteT5wOu58b3L:X6ORvzqcQU+rzitOh7
Static task
static1
Behavioral task
behavioral1
Sample
390b2151f97ed90201b625b089bee042304fe998171e2d9452135eecf416b17a.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
390b2151f97ed90201b625b089bee042304fe998171e2d9452135eecf416b17a.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.thelamalab.com - Port:
587 - Username:
[email protected] - Password:
Thel@malab@20!9 - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.thelamalab.com - Port:
587 - Username:
[email protected] - Password:
Thel@malab@20!9
Targets
-
-
Target
390b2151f97ed90201b625b089bee042304fe998171e2d9452135eecf416b17a.exe
-
Size
704KB
-
MD5
355afaeb273ff043eb0c9255d372c134
-
SHA1
1657f3dca4b07257e5c0b0e0293ea55692637963
-
SHA256
390b2151f97ed90201b625b089bee042304fe998171e2d9452135eecf416b17a
-
SHA512
4d7c724f0079937568b5f2f7963d8e1e42cc4b9f9808caf8c316a9d09dbfd20b570042079f8af3a2333c602d7ec71e05603165cc1a64627e3fceb1bc78887ae1
-
SSDEEP
12288:bT3qyJM+LUGz4liP9QUOp+8r0G1xFozK3hZIvWJOmuLpteT5wOu58b3L:X6ORvzqcQU+rzitOh7
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-