General
-
Target
7b3b27a5939919582d1c712df7e9a1792c22bebabb3f393d6681b0712e226a6b.exe
-
Size
2.7MB
-
Sample
240612-b3al7axhqr
-
MD5
a2dc840cdaebca556e71e98efc9673bd
-
SHA1
0f3adcf5a3a11852637d4c5b8bd1fae5969384f4
-
SHA256
7b3b27a5939919582d1c712df7e9a1792c22bebabb3f393d6681b0712e226a6b
-
SHA512
6b07bae8865d31c569cbdbca07e9993a5d3db4e5a9bf645f8c67867825a6afc8d838cf1b9e93905032d4298ab875dbee89b116b93b31353d997af73d4e771e41
-
SSDEEP
12288:6sAripabvQCGxzxT/lYKFVGjcbfafuDkU70MuGsSm0qyGfmsmb:6sAOpkvQJyK9fYuj7JMrfmsk
Static task
static1
Behavioral task
behavioral1
Sample
7b3b27a5939919582d1c712df7e9a1792c22bebabb3f393d6681b0712e226a6b.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
7b3b27a5939919582d1c712df7e9a1792c22bebabb3f393d6681b0712e226a6b.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot7426366653:AAERgpeylo3lf--iVcYDsvLZ4C71qIFlyH4/
Targets
-
-
Target
7b3b27a5939919582d1c712df7e9a1792c22bebabb3f393d6681b0712e226a6b.exe
-
Size
2.7MB
-
MD5
a2dc840cdaebca556e71e98efc9673bd
-
SHA1
0f3adcf5a3a11852637d4c5b8bd1fae5969384f4
-
SHA256
7b3b27a5939919582d1c712df7e9a1792c22bebabb3f393d6681b0712e226a6b
-
SHA512
6b07bae8865d31c569cbdbca07e9993a5d3db4e5a9bf645f8c67867825a6afc8d838cf1b9e93905032d4298ab875dbee89b116b93b31353d997af73d4e771e41
-
SSDEEP
12288:6sAripabvQCGxzxT/lYKFVGjcbfafuDkU70MuGsSm0qyGfmsmb:6sAOpkvQJyK9fYuj7JMrfmsk
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect packed .NET executables. Mostly AgentTeslaV4.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with or use KoiVM
-
Detects executables referencing Windows vault credential objects. Observed in infostealers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Suspicious use of SetThreadContext
-