General

Target: 7cbf4e7fdbd429d28e0eb54ca72a92f1af2cc6de478ef4a8f34643f1a3d8f71b.exe
Size: 760KB
Sample: 240612-b3r68syajd
MD5: 8c63669cafe7157313a4f29899db4e47
SHA1: c1392caea7dd55e08183f70e770ce2ef2beb6355
SHA256: 7cbf4e7fdbd429d28e0eb54ca72a92f1af2cc6de478ef4a8f34643f1a3d8f71b
SHA512: e769d0d6a73f6fcc587f6a932aef84996e6681dbace8611c9d5e31f897cbd7a2b9f92f5932e47868d19bba340bb1c788a81efac880701b2cdd36e8284040b85c
SSDEEP: 12288:n3MD3HH3DI+KVQbSyaXPkTywNyDpufXfccaXe2z67lXheeAEyPh6j2Q:3MjH3DIRVQfekTy42Aiz6N2zQ
Static task: static1

Behavioral task: behavioral1
Sample: 7cbf4e7fdbd429d28e0eb54ca72a92f1af2cc6de478ef4a8f34643f1a3d8f71b.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 7cbf4e7fdbd429d28e0eb54ca72a92f1af2cc6de478ef4a8f34643f1a3d8f71b.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.normagroup.com.tr
Port: 21
Username: [email protected]
Password: Qb.X[.j.Yfm[
Targets

Target: 7cbf4e7fdbd429d28e0eb54ca72a92f1af2cc6de478ef4a8f34643f1a3d8f71b.exe
Size: 760KB
Score: 10/10

- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers.
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Suspicious use of SetThreadContext