General
- Target: 395a45f3510c96310eeb7974a52fd3966ae43142a9bb26f60f8d773ac88cfa38.exe
- Size: 763KB
- Sample: 240612-bntrhsxdre
- MD5: f4715542195c74fb6604a67ce1a235e1
- SHA1: 4251a06f4750edd2bf87396d80871cb502f24d1a
- SHA256: 395a45f3510c96310eeb7974a52fd3966ae43142a9bb26f60f8d773ac88cfa38
- SHA512: 3b74ea425c33f4d42b0e80ec38ad3cecd8ce607220340cae05c417f1f420adb21c5f30b9719f97c8268bc92de188539afb82d8d1bbc9ddddc47c9b8ece6f4d63
- SSDEEP: 12288:ofJD3HH3DI+Ej8s1O1dHFJ/dQKtmof5E3Z3nDOv0klXq9Sumy0Wbt1yAF:qJjH3DI9LArHFrbt5f5M3DWdsSuF00Hy
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 395a45f3510c96310eeb7974a52fd3966ae43142a9bb26f60f8d773ac88cfa38.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: 395a45f3510c96310eeb7974a52fd3966ae43142a9bb26f60f8d773ac88cfa38.exe
  - Resource: win10v2004-20240508-en
Malware Config
Extracted (family: agenttesla)
- Protocol: smtp
- Host: mail.inducolma.com.co
- Port: 587
- Username: [email protected]
- Password: inducolma57
- Email To: [email protected]
Targets
- Target: 395a45f3510c96310eeb7974a52fd3966ae43142a9bb26f60f8d773ac88cfa38.exe (same file and hashes as listed under General above)
- Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect packed .NET executables. Mostly AgentTeslaV4.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing Windows vault credential objects. Observed in infostealers.
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables referencing many file transfer clients. Observed in information stealers.
- Suspicious use of SetThreadContext